Win10/Win7/Win8.1: first December security update released, fixes 14 important bugs

  

December 9th news: Microsoft pushed the December security update to users this morning and has announced the details of this month's update. In December 2015, there were 14 security updates, 4 of which were serious and 10 of which were important.
Affected operating systems and components include Windows Vista, Win7, Win8, Win8.1, Win10, Windows Server 2008/2012 (R2), and Windows RT and Windows RT 8.1 for tablet devices, as well as Microsoft Office software and services such as RT/2007/2010/2013/2013.

It is recommended that users download and install updates from Windows Update in a timely manner.

Security updates for December 2015 include:

Vulnerabilities in SQL Server could allow remote code execution (3065718)

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from the wrong address, causing a function call to uninitialized memory. To exploit this vulnerability, an attacker would need permissions to create or modify a database.

Security Update for Internet Explorer (3076321)

This security update resolves vulnerabilities in Internet Explorer. The most serious of the vulnerabilities could allow remote code execution when a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers with accounts configured to have fewer system user rights are less affected than customers with administrative user rights.

Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)

This security update resolves a vulnerability in the VBScript scripting engine of Microsoft Windows. This vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerabilities in RDP Could Allow Remote Code Execution (3073094)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a series of specially crafted packets to a Remote Desktop Protocol (RDP)-enabled target system. RDP is not enabled by default on any Windows operating system. This risk does not exist for systems that do not have RDP enabled.

Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)

This security update resolves vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution in a hosted environment if an authenticated privileged user runs a specially crafted application on a guest virtual machine hosted by Hyper-V. To exploit this vulnerability, an attacker must have valid guest virtual machine login credentials.

Vulnerability in Windows Could Allow Remote Code Execution (3072631)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user's current working directory and then induces the user to open an RTF file or launch a program that is designed to load a trusted DLL file but instead loads the attacker's specially crafted DLL file. An attacker who successfully exploited these vulnerabilities could take complete control of the affected system. An attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

This security update resolves vulnerabilities in Microsoft Office. The most serious of the vulnerabilities could allow remote code execution when a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. Customers with accounts configured to have fewer system user rights are less affected than customers with administrative user rights.

Vulnerabilities in Netlogon Could Allow Elevation of Privilege (3068457)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to the primary domain controller (PDC) on the target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).

Vulnerabilities in Windows Graphics Components Could Allow Elevation of Privilege (3069392)

This security update resolves vulnerabilities in Microsoft Windows. This vulnerability could allow elevation of privilege if the Windows graphics component does not properly handle bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on the target system. The attacker can then install programs; view, change, or delete data; or create new accounts with full administrative privileges. An attacker must log in to the system to exploit this vulnerability.

Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service incorrectly runs a custom action script. To exploit this vulnerability, an attacker must first compromise a user who is currently logged into the target system. The attacker can then install programs; view, change, or delete data; or create new accounts with full administrative privileges.

Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)

This security update resolves vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if used in conjunction with other vulnerabilities that allow arbitrary code to run. Once other vulnerabilities are exploited, an attacker could then exploit the vulnerability described in this bulletin to cause arbitrary code to run at a medium integrity level.

Vulnerability in Windows Remote Procedure Calls Could Allow Elevation of Privilege (3067505)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability exists in Windows Remote Procedure Call (RPC) authentication. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)

This security update resolves vulnerabilities in Microsoft Windows. This vulnerability could allow elevation of privilege if an attacker logs into a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of the affected system. An attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.
