For the final month of the year, Microsoft has released two new Security Bulletins, one ranked Critical and the other rate as Important by Microsoft. That brings the total number of Security Bulletins for the year to 55, ten higher than the total for 2004.

The Critical update is a cumulative patch for Internet Explorer which actually patches four separate vulnerabilities. One of those vulnerabilities has made headlines because it is already being exploited by malware in the wild and allows a remote attacker to run code on the vulnerable system.


eEye Digital Security noted that the cumulative patch also disables the ActiveX control distributed by Sony BMG as a part of the uninstallation process for their highly publicized rootkit which has been exploited by other malware.

To view a summary of the December bulletins, visit Microsoft Security Bulletin Summary for December, 2005. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

• Microsoft Security Bulletin MS05-054
  Cumulative Security Update for Internet Explorer
  Microsoft Criticality: Critical
  
  • http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx
• Microsoft Security Bulletin MS05-055
  Vulnerability in Windows Kernel Could Allow Elevation of Privilege
  Microsoft Criticality: Important
  
  • http://www.microsoft.com/technet/security/bulletin/ms05-055.mspx