Gents, if you haven't hit the Windows Update button yet today, you should. Microsoft's final batch of patches for 2007 has been released to cover at least 11 security vulnerabilities that put millions of users at risk of remote code execution attacks.
The December updates includes a "critical" bulletin with patches for at least four flaws affecting Internet Explorer and a two separate high-severity bulletins for code execution bugs in Windows Media File Format and Microsoft DirectX. The most serious bug addresses in the IE update (MS07-069) could allow drive-by exploits if a user viewed a specially crafted Web page using an unpatched browser. It carries code execution risks for most versions of Windows, including the newer IE 7 on Windows Vista.
