Microsoft released its final update of 2012 on Tuesday, bringing the grand total of patches this year to 83, an improvement on 2011’s round count of 100 patches.
7 vulnerabilities were addressed, 5 labelled critical and 2 important. The patch regarded by security experts as the most essential is one that addresses a critical vulnerability in Microsoft Word (MS12-079) which could lead to remote code execution. The threat involves the way in which RTF (Rich Text Format) is processed, leaving Microsoft Outlook users at risk from malicious text displayed in their preview pane. If malicious text is contained, it could potentially gain access to administrative rights to the network without the user's request or authorisation.
A second critical update tackled bugs in Internet Explorer 9 and 10 that directed users to contaminated websites via drive-by download attacks. This is another high-risk remote code execution vulnerability which could result in unauthorised access to administrative rights.
Bulletin MS12-078 targeted Windows kernel-mode drivers involving font and security threats in Microsoft Exchange. If a malicious website is visited, it embeds TrueType or OpenType font files.
The final 4 patches battled vulnerabilities in Microsoft Exchange Server, Windows file handling components, DirectPlay and an IP-HTTPS component allowing a security feature bypass.
A full breakdown of the December update can be found here.