December 2014 Microsoft Patch Tuesday Summary

By Elevate posted 12-09-2014 16:35

It’s Microsoft Patch Tuesday! In the December edition there are 7 updates; three are marked "Critical" and four are rated "Important". A total of 25 vulnerabilities were fixed over 7 bulletins this month. One of the Critical update MS14-080 is an all version Internet Explorer (IE 6 to 11) patch. This single update resolves 14 CVE's (Common Vulnerability and Exposure).


Here is a list of Security bulletins which were rolled out in today's Patch Tuesday release.


Bulletin ID Bulletin Title Bulletin Severity
MS14-075 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege(3009712) Important
MS14-080 Cumulative Security Update for Internet Explorer(3008923) Critical
MS14-082 Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution(3017301) Critical
MS14-082 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution(3017349) Important
MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution(3017347) Important
MS14-084 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution(3016711) Critical
MS14-085 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure(3013126) Important


Tracking Microsoft Vulnerability Patches 2014




As shown in the chart above, number of vulnerabilities which were patched this month is same as that of last month. Looking back, in 2014 Microsoft rolled out total of 83 updates addressing 341 number of vulnerabilities. Internet Explorer continued to be the most vulnerable of all microsoft products and received highest number of patches this year. As we do every month, we’ve released a signature update #2449 to address vulnerabilities fixed in this month's patches.


Happy patching! 


For additional information on how you can protect your network from emerging threats, please visit