Skip to main content
MSRC

2009

Assessing the risk of the December security bulletins

Tuesday, December 08, 2009

This morning we released six security bulletins, three Critical and three Important, addressing 12 CVE’s. Please apply the Internet Explorer update right away as it poses the most risk of all the bulletins due to severity and exploitability. The Internet Explorer update addresses the vulnerability described by Security Advisory 977981. We hope that the table and commentary below will help you prioritize the deployment of the other updates appropriately.

December 2009 Security Bulletin Release

Tuesday, December 08, 2009

Summary of Microsoft’s Security Bulletin Release for December 2009 As noted in our Advance Notification (ANS) last Thursday, for the December bulletin release we issued six security bulletins addressing 12 vulnerabilities. Affected products include Windows, Internet Explorer (IE) and Microsoft Office products. In the ANS, we also noted that the bulletin for IE (MS09-072) is at the top of our deployment priority list this month.

Extended Protection for Authentication

Tuesday, December 08, 2009

This month, Microsoft is releasing several non-security updates that implement Extended Protection for Authentication as a mechanism to help safeguard authentication credentials on the Windows platform. These new updates are not security bulletins, but non-security updates that allow web clients using the Windows HTTP Services, IIS web servers and applications based on the HTTP Protocol Stack (http.

December 2009 Bulletin Release Advance Notification

Thursday, December 03, 2009

Advance Notification for the December 2009 Security Bulletin Release For December we are planning to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products. Three of the bulletins have a maximum severity rating of Critical and three have a maximum severity rating of Important.