December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last batch of bulletins for 2014. Although not as big as November's release, it still clocks in with three Critical and four Important bulletins. Internet Explorer is back with fourteen vulnerabilities, the majority of which are critical memory corruption vulnerabilities. That means there were critical vulnerabilities patched in Internet Explorer every month this year except for January. In all, over 200 vulnerabilities were patched in Internet Explorer in 2014, and the majority were rated critical. The other two critical vulnerabilities affect Microsoft Word and the VBScript scripting engine.
This release also patches MS14-075, which was slated for November but listed as "Release date to be determined" until today. The bulletin patches four vulnerabilities in Microsoft Exchange that can result in privilege escalation.