December Microsoft Security Bulletins

It seems that November was quite a busy month for the people at the Microsoft Security Response Center, finalizing the latest set of security patches. It is a bit worrying that vulnerabilities in 7 out of 8 published bulletins could be used to launch malware attacks.

We in SophosLabs are particularly interested in MS08-072 and MS08-074, as both Word and Excel documents were frequently used to deliver various information-stealing malware. Luckily, the Sophos malware detection engine contains some new functionality that allows us to deal with most of the maliciously malformed compound documents, and we are writing the detection for potentially maliciously malformed files as I write this blog post. The intention, as always, is to protect all users before the real threat appears in the wild. We have also written our own vulnerability analyses, which you can access from the Latest vulnerabilities analysis page.