Microsoft Windows



Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle.The year’s last scheduled batch of patches will address 11 vulnerabilities in all currently supported operating systems, including Microsoft Windows, Internet Explorer (IE 6-10), Office and the company’s Server Software.

By Kurt BaumgartnerIn April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc?

Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008.

Microsoft released its monthly patch Tuesday bulletins fixing more than 40 vulnerabilities in a variety of products including Microsoft Windows, Internet Explorer and Sharepoint Server. The release, the company’s final monthly patch of 2010, brings the total number of security fixes to 106 – the highest total ever for the company.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.