The December Microsoft updates include 5 listed as Critical and 2 listed as Important. Three of the 5 Critical updates address problems in MS Windows, 2 affecting Windows Server products (primarily, Exchange) and one of those two affects Windows Server and Office. All 5 of the critical vulnerabilities can allow remote code execution and one of of the Important vulnerabilities can allow remote code execution. The remaining Important update can allow security feature bypass. Multiple reboots are required for these updates. Additional details are available from Microsoft here.
As of this post, I am not aware of any new Adobe vulnerabilities for December (the last that I’m aware of were mid / late November). Additional details are available from Adobe here.
Ok, Java. If you don’t need it, remove it. If you do need it, check daily (or hourly) to make sure that you have the latest version. Java downloads are available here.
I believe that the biggest news that I’ve seen thus far this month has been the ‘Cool’ crimeware toolkit, the rise in polymorphic viruses and the explosion of the ‘FBI’ virus. It really wouldn’t surprise me to see some glaring link between these items.
Monthly Update Clients
* If you are not currently taking advantage of our monthly update service and would like more information or to sign up, additional information is available here
For our Monthly Update clients, if a date and time hasn’t already been scheduled to install your updates, we will be contacting you shortly to schedule. If you aren’t already taking advantage of our monthly update service, there’s no time like the present to get started. We offer a monthly update service to keep all of your computers up-to-date for a low monthly fixed price with no long-term committment. Additional information is available on our website.