Microsoft's Patch Tuesday: The 12 bugs of Christmas?

Stephen Withers
Friday, 04 December 2009 01:33

Business IT - Security

Microsoft has warned that its Patch Tuesday updates for December will address a dozen vulnerabilities. If you're running any supported version of Windows, there will be an early 'Christmas present' for you next Tuesday.

Microsoft has announced plans to release six security bulletins on December 8 (US time). The bulletins will address 12 vulnerabilities in Windows, Internet Explorer and Office.

Three of the bulletins are rated critical.

The first is specific to Windows, but its rating varies from moderate on XP to critical on Windows Server 2008 (Server Core installations are not affected). Windows 2000, Server 2003 and Vista sit in the middle with an important rating. Server 2008 R2 and Windows 7 are not affected.

While the underlying flaw allows remote code execution, Microsoft officials have advised that it is relatively difficult to exploit.

The second critical bulletin concerns Microsoft Office - more specifically, Project 2000, 2002 and 2003. It is only critical on Project 2000; the bulletin is rated important for the 2002 and 2003 versions.

The final critical bulletin for the month relates to Windows and Internet Explorer. It addresses a vulnerability in Internet Explorer that was publicly disclosed last month and subsequently confirmed by Microsoft.

While Microsoft's initial investigation suggested that not all combinations of supported versions of Internet Explorer and Windows were affected, next week's patches will apply to all versions of the operating system back to Windows 2000.

The issue is rated critical for all versions of Windows except Server 2008 and 2008 R2. Certain combinations of Windows and Internet Explorer - eg, IE8 on Server 2003 - reduce the severity to moderate.

The remaining three bulletins are all rated moderate. Two concern Windows, with one affecting Windows 2000, XP and Server 2003, and the other Server 2003 and Server 2008.

December's sixth bulletin affects Word 2002 and 2003, Microsoft Works 8.5 and the Office Converter Pack.

As usual, Microsoft will also release an updated version of the Malicious Software Removal Tool. The company typically also releases an update for the Windows Mail Junk E-mail Filter.