Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
- https://technet.micr...lletin/ms11-dec
December 13, 2011 - "This bulletin summary lists security bulletins released for December 2011...
(Total of -13- )
Critical - 3
Microsoft Security Bulletin MS11-087 - Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
- https://technet.micr...lletin/ms11-087
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2618451)
- https://technet.micr...lletin/ms11-090
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-092 - Critical
Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
- https://technet.micr...lletin/ms11-092
Critical - Remote Code Execution - May require restart - Microsoft Office
Important - 10
Microsoft Security Bulletin MS11-088 - Important
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
- https://technet.micr...lletin/ms11-088
Important - Elevation of Privilege - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-089 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
- https://technet.micr...lletin/ms11-089
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-091 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
- https://technet.micr...lletin/ms11-091
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-093 - Important
Vulnerability in OLE Could Allow Remote Code Execution (2624667)
- https://technet.micr...lletin/ms11-093
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-094 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
- https://technet.micr...lletin/ms11-094
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-095 - Important
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
- https://technet.micr...lletin/ms11-095
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-096 - Important
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
- https://technet.micr...lletin/ms11-096
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-097 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
- https://technet.micr...lletin/ms11-097
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-098 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
- https://technet.micr...lletin/ms11-098
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-099 - Important
Cumulative Security Update for Internet Explorer (2618444)
- https://technet.micr...lletin/ms11-099
Important - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
___
Deployment Priority
- https://blogs.techne...2D00_12-dep.png
Severity and Exploitability Index
- https://blogs.techne...2D00_12-dep.png
- https://blogs.techne...Redirected=true
"... Why 13 bulletins and not 14, as we stated in the ANS announcement on Thursday? After that announcement, we discovered an apps-compatibility issue between one bulletin-candidate and a major third-party vendor... The issue addressed in that bulletin, which we have been monitoring and against which we have seen no active attacks in the wild, was discussed in Security Advisory 2588513*."
* https://technet.micr...dvisory/2588513
- http://web.nvd.nist....d=CVE-2011-3389
Last revised: 12/13/2011
CVSS v2 Base Score: 4.3 (MEDIUM)
- https://www.computer..._fixes_Duqu_bug
December 13, 2011 - "... scrubbed security update was to fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug demonstrated in September 2011 by researchers who crafted a hacking tool dubbed BEAST... SAP... was the third-party vendor who reported compatibility problems...."
___
ISC Analysis
- https://isc.sans.edu...l?storyid=12193
Last Updated: 2011-12-14 02:29:09 UTC
___
Security Advisory updates:
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.micr...dvisory/2639658
V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletin. MS11-087.
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, "Cumulative Security Update for Internet Explorer;" and MS11-094, "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution."
___
- https://secunia.com/advisories/46724/ - MS11-087
- https://secunia.com/advisories/47062/ - MS11-088
- https://secunia.com/advisories/47098/ - MS11-089
- https://secunia.com/advisories/47099/ - MS11-090
- https://secunia.com/advisories/47117/ - MS11-092
- https://secunia.com/advisories/47207/ - MS11-093
- https://secunia.com/advisories/47208/ - MS11-094
- https://secunia.com/advisories/47213/ - MS11-094
- https://secunia.com/advisories/47202/ - MS11-095
- https://secunia.com/advisories/47203/ - MS11-096
- https://secunia.com/advisories/47210/ - MS11-097
- https://secunia.com/advisories/47204/ - MS11-098
- https://secunia.com/advisories/47212/ - MS11-099
___
MSRT
- http://support.micro...om/?kbid=890830
December 13, 2011 - Revision: 96.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• Helompy
Download:
- http://www.microsoft...i...ng=en&id=16
File Name: windows-kb890830-v4.3.exe - 14.5 MB
- https://www.microsof...ls.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.3.exe - 14.8 MB
- https://blogs.techne...Redirected=true
13 Dec 2011
___
Dec. 2011 Security Bulletin Q&A:
- https://blogs.techne...Redirected=true
Dec. 14, 2011
.
Edited by AplusWebMaster, 02 January 2012 - 11:31 AM.
