December’s advanced Patch Tuesday brings us seven advisories, three of which are listed as Critical. The Critical issues affect, Internet Explorer, all supported versions of MS Office and SharePoint, and all supported versions of Windows prior to Windows 8 and Server 2012.
We also see an Important Elevation of Privilege patch for MS Exchange, presumably this is MS14-075 which was held back from the November updates for quality issues.
On top of those issues, there are three Important issues impacting Windows and Office. The Windows issue is an Information Disclosure vulnerability affecting all support OS versions.
The others are Remote Code Execution issues in Office which fall below the Critical risk level, probably as they are deemed to be less exploitable.
Top patching priority will no doubt be the 3 critical issues.
Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.