MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

Summary: Microsoft is planning another massive Patch Tuesday this month: 17 bulletins with fixes for 40 security vulnerabilities.

The December batch of patches will cover security holes in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange, according to an advance notice posted Thursday.

Of the 17, Microsoft said two bulletins will be rated "critical," the company's highest severity rating.  Of the remainder, 14 will be rated "important."

All versions of the Windows operating system are affected, including the newest Windows 7 and Windows Server 2008 R2.

Microsoft said it will also patch the last of the vulnerabilities used in the infamous Stuxnet malware attack. The last outstanding Stuxnet bug is an elevation of privilege flaw in the Windows Task Scheduler. Exploit code for this vulnerability is public and works against systems running Windows Vista, Windows 7 and Windows Server 2008.

A separate vulnerability in the Internet Explorer browser will also be addressed this month (see advisory).

This month's updates will bring the total bulletins for this year to 106, the most ever.

The MSRC blog offers an explanation for this:

This is partly due to vulnerability reports in Microsoft products increasing slightly, as indicated by our latest Security Intelligence Report. This isn't really surprising when you think about product life cycles and the nature of vulnerability research. Microsoft supports products for up to ten years. (One of our most popular operating systems from the turn of the century, XP SP2, reached its end-of-support life in mid-2010, in fact.) Vulnerability research methodologies, on the other hand, change and improve constantly. Older products meeting newer attack methods, coupled with overall growth in the vulnerability marketplace, result in more vulnerability reports. Meanwhile, the percentage of vulnerabilities reported to us cooperatively continues to remain high at around 80 percent; in other words, for most vulnerabilities we're able to release a comprehensive security update before the issue is broadly known.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
