The bulletin released yesterday patches a critical vulnerability in MS Word through MS12-079 update. The manner in which Word processes Rich Text Format (RTF) is flawed and is specifically dangerous when the document is previewed through Microsoft Outlook as it doesn’t require any user interaction.
Microsoft has also patched three vulnerabilities in Internet Explorer 9 and 10 with its MS12-077 update. The vulnerabilities, if not patched, create risks of drive-by download attacks. Another update MS12-081 addresses a vulnerability in Windows File Handling component while the update MS12-078 fixes two vulnerabilities in Windows Kernel-mode driver that would allow for remote code execution.
SANS Institute has got a graphical representation of December’s Patch Tuesday which can be found here. Alongside the critical updates, Microsoft has also released important updates that address vulnerabilities in DirectPlay and IP-HTTPS Component. With the latest updates, the total number of bulletins released by Microsoft up until now has reached 83 as compared to 100 in 2011 and 106 in 2010.