Microsoft Releases 12 Security Bulletins for Christmas

Microsoft and Adobe have conspired to make it a busy festive season for IT admins, releasing patches to fix over 70 vulnerabilities each.

Redmond issued 12 bulletins—nine of which are critical—covering 71 bugs, including two being actively exploited in the wild.

MS15-124 fixes a whopping 30 flaws in Internet Explorer, while MS15-125 does the same for 15 vulnerabilities in Edge.

MS15-128 is a critical update resolving three flaws affecting Windows, .Net Framework, Office, Skype, Lync and Silverlight.

“This is a Microsoft Graphics Component update, which is a shared library that affects many applications,” explained Shavlik product manager, Chris Goettl. “Expect many variations of this update to affect the same system for each product you have installed that is affected.”

MS15-131 resolves six flaws in Office, including CVE-2015-6124—already detected in exploits in the wild.

And MS15-135 is only an “important” update for Microsoft Windows, which resolves four vulnerabilities, although one of these is CVE-2015-6175, which could allow an attacker to run arbitrary code in kernel mode.

In total, that makes 135 bulletins from Microsoft this year—up significantly from the average of previous years, according to Qualys CTO, Wolfgang Kandek.

“New products by Microsoft only explain a small part of this increase; for example, the new Edge browser only added five bulletins of its own this year,” he explained in a blog post.

“The majority of the increase is due to new parts of the Windows ecosystem that are being investigated for the first time, a tendency that shows how much more important computer security has become over the years.”

An ever-present this year has been Adobe Flash patches, and December was no different.

The Priority 1 APSB15-32 update for Adobe Flash Player resolves 78 vulnerabilities, many of which are code execution bugs, along with a few security bypass flaws, according to Goettl.

“To fully resolve these vulnerabilities you need to ensure you update Flash Player on the OS, as well as the plug-in in your browsers,” he advised. “You will need to update IE, Chrome and Firefox plug-ins to fully ensure these vulnerabilities are resolved.”
