Microsoft on Thursday issued an advance notice for its December security bulletins, which will be released on December 14 and will include 17 updates designed to address 40 vulnerabilities in Windows, Office, Internet Explorer, SharePoint, and Exchange.
Microsoft issues these advance notifications every month before the updates themselves are released, so that users can prepare for testing and deployment of the patches. December's release sets a record number of patches from Microsoft this year, beating the number of patches released by the software giant in October by one.
Microsoft has released a tool designed to close a security hole in Windows applications that could allow for unauthorized access to PCs. The security flaw is created not by a vulnerability in Microsoft code, but in the way some Windows programs are developed, says the company. And while Microsoft is not taking responsibility for the problem, it nonetheless has rolled out the tool and a set of development best practices.
According to a Microsoft Security Advisory, research has been published that details "a remote attack vector for a class of vulnerabilities that affects how applications load external libraries." The attack, called binary planting or DLL preloading, is caused by the way Windows programs are written, allowing hackers to remotely execute code when a user opens a file from a location that isn't trusted, says the advisory.