Microsoft Windows

Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle.The year’s last scheduled batch of patches will address 11 vulnerabilities in all currently supported operating systems, including Microsoft Windows, Internet Explorer (IE 6-10), Office and the company’s Server Software.

By Kurt BaumgartnerIn April, the and sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on and had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc?

Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.