Windows Malicious Software Removal Tool (MSRT, MRT) for December, version 4.15

32-bit version for Windows 8/7/Vista/XP/Server2003 http://www.microsoft.com/en-us/download/details.aspx?id=16

x64-bit version http://www.microsoft.com/en-us/download/details.aspx?id=9905

Flash Player 11.5.502.135 has been released (and Adobe AIR 3.5.0.880, for those who have/use AIR)

http://www.adobe.com/support/security/bulletins/apsb12-27.html

for additional information, see  http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19467178.aspx

The following 5 updates are rated CRITICAL:

MS12-077 Cumulative Security Update for Internet Explorer (2761465)

MS12-078  Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
(2783534)

MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)

MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)

-----------------------

The following 2 updates are rated IMPORTANT:

MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) 

MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)

============

NOTE:  118.1 MEG on this win7 x64 system.  This is getting rediculous.

This month's MSRT (cited above) adds detection/removal of

Win32/Phdet -  a family of backdoor trojans that are used to perform distributed denial of service (DDoS) attacks against specified targets.

For additional information/details, see http://blogs.technet.com/b/mmpc/archive/2012/12/11/msrt-december-12-phdet.aspx

And for those who insist on keeping it around, and/or actually need, it:  JAVA

Java 7 update 10:  http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

( release notes:  http://www.oracle.com/technetwork/java/javase/7u10-relnotes-1880995.html )

[ or Java 6 update 38 http://www.oracle.com/technetwork/java/javase/downloads/jre6u38-downloads-1877409.html ]

-------------------------------------------------------------------------------------------------

Comment:  Java is perhaps the biggest source of vulnerabilities.   If you don't acutally have a need for it, DUMP IT!

Secunia PSI - Version 3.0.0.6001 (11th December 2012)

This is a minor maintenance release. The primary changes are:

Different view - Program Status.Enhanced update performance when new data is received from the server.
Minor bug fixes.In addition to the above change, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.

https://secunia.com/products/consumer/PSI/sys_req/

Java 7 update 10 introduces important new security controls

A new control "allows you to disable the Java web plugin by unchecking a single tick-box:  After installing Java 7u10 you can open the Java control panel and uncheck the option "Enable Java content in the browser"... disabling the web plugin eliminates most of the risk associated with having Java installed".

Java will also now check to see if it is at the latest security "baseline".

Starting with Java 7u10 users have to ability to set security levels from low to very high for Web-based Java content, with medium being the
default option.  Medium allows untrusted apps to run if your Java is patched, but will only allow signed applications to run if you are out of date.

http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/

======================

Java 7 Update 10 allows users to restrict Java in browsers    

Java users can now block Web-based Java content completely or enforce strict restrictions for it

http://www.infoworld.com/d/security/java-7-update-10-allows-users-restrict-java-in-browsers-209423

Microsoft re-released update MS-12-078 (KB2753842) to resolve an issue with OpenType fonts not properly rendering after the original update was installed.

Customers who have successfully installed the original KB2753842 update need to install the rereleased update.