Miscrosoft has just released its Security Bulletins for the month of December.

Today’s release resolves the following vulnerabilites listed below.

Three Critical

• MS06-072 – Cumulative Security Update for Internet Explorer (925454)
  
• MS06-073 – Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
  
• MS06-078 – Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)

Four Important

• MS06-074 – Vulnerability in SNMP Could Allow Remote Code Execution (926247)
  
• MS06-075 – Vulnerability in Windows Could Allow Elevation of Privilege (926255)
  
• MS06-076 – Cumulative Security Update for Outlook Express (923694)
  
• MS06-077 – Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Aside from these new Security Bulletins, Microsoft has also realeased an updated patch to MS06-059.

Sadly, that there is no security patch for the recent Word exploits so, we still need to be extra careful when receiving and opening unsolicited Word documents. Other than that, just make sure you are updating your system right now!

A number of threat experts are predicting an influx of malware diguised as media files in 2007. They cite the popularity of video-sharing Web sites (e.g., Youtube.com) and the increasing use of media files in social networking sites ( Myspace.com) as the prime movers in this coming trend. Here at the tail end of 2006, the release of the proof-of-concept (POC) Trojan TROJ_MPEXPL.A is starting to make this prediction a fact.

This Trojan takes advantage of a vulnerability found in the media player XMPlay v3.3.0.4. It arrives as a specially crafted ASX file, which when played on XMPlay causes a buffer overflow. The said overflow in turn, enables a remote user to execute any file — without the user’s knowledge — on the affected system.

Note that later versions of XMPlay have addressed this vulnerability.