Today is the second Tuesday of December, so, according to its usual schedule, Microsoft has released this month’s batch of security bulletins and patches for Windows and related software. This month, there are 13 patches for 17 identified vulnerabilities. (This count is one fewer than the original estimate of 14 patches. I do not know, offhand, whether a patch was dropped, or if two patches were combined.) Three of the patches have a maximum severity rating of Critical; the rest are rated Important. Eight of the patches are for Windows itself; the others are for Microsoft Office. All supported versions of Windows are affected; for a breakdown of patches by version and severity, check this month’s preview post.
Further details, and download links, are in the Security Bulletin Summary for December 2011. Microsoft says that four of the patch installations will definitely require a system restart, and the others may require one, depending on the configuration of your system.
One of the bulletins (MS11-087) concerns a vulnerability in the kernel-mode handling of TrueType fonts; there is some evidence that this vulnerability is already being exploited.
As always, I recommend that you update your systems as soon as you conveniently can.
The Internet Storm Center at the SANS Institute has, as usual, released their summary of this month’s patches, along with their severity ratings for client and server systems. Note that the ISC rates several patches as Critical that Microsoft rates as Important.