Windows, IE, Exchange and Office to be patched next week

Three updates are rated critical. The critical update for Office affects Office for Mac as well.
Written by Larry Seltzer, Contributor

Microsoft has released their Advance Notification for the December 2014 security bulletins. There will be a total of seven bulletins, three of which will update critical vulnerabilities. The updates will be released at 1PM eastern time next Tuesday, December 9.

The three critical bulletins affect Internet Explorer, Office and Windows.

As is typical for Internet Explorer updates, all versions are affected (other than Server Core, which does not include Internet Explorer). All are rated critical on Windows desktop systems and moderate on Windows servers. Windows RT versions are also affected and the bug(s) rated critical on it.

A second critical update affects only Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008. It is rated critical for the desktop versions but moderate for the servers. The update will be distributed for Windows Server 2008 Server Core, but the notification says there is no severity rating, indicating that the bug is not exploitable on that version.

The third critical update affects Microsoft Office. Desktop x86 and x64 versions of all supported Office versions are affected and rated critical, as is Office for Mac 2011. Office 2013 RT is affected but rated Important. The vulnerability also affects SharePoint Server versions 2010 and 2013 and Office Web Apps versions 2010 and 2013, and is rated Important on all. The Office Compatibility Pack and Word Viewer are affected and rated Important.

There are two other Office updates, both rated important and both affecting all desktop x86 and x64 versions of all supported Office versions.

One bulletin, rated important, affects all supported versions of Microsoft Exchange: 2007, 2010 and 2013. It is an elevation of privilege bug.

A final update fixes an Information Disclosure vulnerability in all versions of Windows, including Server Core.

As usual, Microsoft will release a new version of the MSRT (Malicious Software Removal Tool) and also likely release some number of non-security updates. Be on the lookout for updates from other companies who choose to release updates on Microsoft's Patch Tuesday.

Editorial standards