Microsoft to release bumper holiday security update

Microsoft is planning a bumper holiday Patch Tuesday security update for 13 December, with 14 bulletins covering 20 vulnerabilities.

Out of the 14, three are of the highest severity level, "critical", and affect Windows XP, Vista and Windows 7, although only one applies to Windows 7.

Six bulletins will require a system restart and the remainder may require a restart, according to Microsoft.

On the server side, both Windows 2003 and 2008 are vulnerable, but the newer 2008 is better than 2003, with only one vulnerability, said Wolfgang Kandek, chief technology officer at security firm Qualys.

Five of the "important" bulletins affect Office 2003, 2007 and 2010, including all Office versions for Apple Mac.

One of the remaining bulletins addresses Internet Explorer versions 6 to 9, while the rest apply to all versions of Windows.

In addition, Kandek said IT administrators for businesses using Adobe Reader 9 can expect an update that will address the current 0-day vulnerability in Reader and Acrobat itself.

Since exploits for the vulnerability are already in the wild, Adobe has stated that it will deliver a high priority update out-of-band this week, so it is available earlier than its next scheduled release in January.

“Alternatively, IT administrators could update users to Adobe Reader X, which, while it contains the vulnerability, cannot be successfully exploited due to its sandboxing features,” said Kandek.
