Microsoft has released the December 2011 Cumulative Security Update, available via Windows Update, which brings along with it a new Windows Internet Explorer 9.0.4.
This security update is rated Important for Internet Explorer on Windows clients and Internet Explorer 9 for Windows 2008 R2, and Low for Internet Explorer on Windows servers.
“The update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user visits a specially crafted Web page using IE. An attacker who successfully exploited this vulnerability could run a malicious application on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights,” informs Microsoft.
Customers who have not enabled automatic updating can enable it (Start Menu, type “Windows Update”).
Also released today is an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center.
“The December 2011 MSRT includes detection and clean-up for the Win32/Helompy Family.”
“Helompy is a worm that propagates by copying itself to the root of removable drives, and its main payload is to record account credentials and login information and send them to a remote server, where the attacker could retrieve them for use,” informed MMPC.
For more information on the Microsoft Windows Malicious Software Removal Tool, visit KB article KB890830.
This month, Microsoft released 13 security bulletins for new vulnerabilities. Please see the chart for details.
Below is deployment priority guidance to assist customers in their deployment planning.
Here is a risk and impact graph that shows an aggregate view of this month’s severity and exploitability index.