December Microsoft Patch Tuesday Preview

Blog Post created by rapid7-admin on Dec 4, 2009

Originally Posted by Sheldon Malm

Sheldon here with a preview of what’s coming out in next week’s Microsoft Patch Tuesday … 

6 updates in total, covering 12 vulnerabilities.  Windows, IE, and Office are affected.

Bulletin 1: Remote Code Execution affects all supported Windows versions, rated Important on most, Moderate on XP, and Critical on Server 2008.  This will be the second highest priority out of the Critical updates – particularly if you have deployed Windows Server 2008.

Bulletin 2: Remote Code Execution doesn’t affect newer versions of Windows, rated Important on Windows 2000, XP, and Server 2003.  It is also rated Important on Word for Office XP and Office 2003 along with Works and the Office Converter Pack.

Bulletin 3: Remote Code Execution is the least severe of the Critical updates, rated Important on Project 2003 and Critical on Project 2000.  If you have deployed Project widely, this is worth planning your testing and rollout in the short term.

Bulletin 4: Remote Code Execution is this month’s monster, addressing the IE 6, 7 and 8 invalid pointer reference zero day that has been highlighted in the press.  There is already a Metasploit module for this one, so its exploitability is without question.  It is rated Critical across all Windows platforms except Server 2008 (Moderate), and is the only update affecting Windows 7 this month.

Bulletin 5: Denial of Service doesn’t affect newer versions of Windows.  Like Bulletin 2, it is rated Important on Windows 2000, XP, and Server 2003.

Bulletin 6: Remote Code Execution is the last one, only affecting Windows Server operating systems.  It is rated Important on Server 2003 and Server 2008.

All in all, this is a pretty manageable month from a prioritization, testing, and deployment perspective.  Our recommendation is to patch IE first and prioritize the rest as appropriate.  As more information is available on Tuesday, we’ll provide more detailed recommendations. 

NeXpose Community Edition, the free version of NeXpose, will have coverage for all of these vulnerabilities within 24 hours of the Patch releases.  Particularly for Bulletin 4 – this month’s big one – NeXpose Community Edition will allow you to detect this vulnerability and, if you wish, automatically launch Metasploit Security Testing to confirm the presence and exploitability of the exposure(s) on up to 32 hosts in your environment.  For small environments with 32 nodes or less, you can now use NeXpose to provide free detection within 24 hours of Microsoft’s update release. 

For larger environments, even if NeXpose is not your current Enterprise Vulnerability Management solution, we invite you to download Community Edition and run it alongside your tool on Wednesday to audit the effectiveness of your solution on up to 32 hosts. 

NeXpose Community Edition is available for immediate download at no cost here:

We also invite you to visit the Community Portal at: http://community.rapid7.com to share information with other Security Professionals following the Microsoft release. 

More to follow on Tuesday.