December looked a lot like November in terms of the volume and type of vulnerabilities patched by Microsoft. The seven security bulletins released today included a total of eleven vulnerabilities with the following breakdown for maximum severity:

- 5 Critical
- 5 Important
- 1 Moderate

This month's bulletins included patches for two public vulnerabilities for which exploit code is already available. More importantly, Microsoft admits to being aware of at least targeted exploitation of CVE-2006-4704. The following publicly known issues received patches:

It appears that bulletin MS06-078 was actually a late addition due to the emergence of proof-of-concept exploit code in the past few days.

This month's bulletins did not address the following two Microsoft Word file format vulnerabilities. While Microsoft has acknowledged the vulnerabilities and the fact that they are being used in targeted attacks, they have not set a release date for patches.

Below is a cheat sheet for all 11 vulnerabilities.

[UPDATE 12/13/2006] Dave Aitel kindly corrected me to note that a private exploit is available for the SNMP vulnerability (MS06-074) as detailed below.

Enjoy!

- michael

Posted 12-12-2006 6:26 PM by erik.peterson