Thursday, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for December, previewing the security fixes it intends to release next Tuesday, December 11. Microsoft plans to release seven security bulletins this month. Five are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important. All supported versions of Windows are affected, including the recently-released Windows 8, Windows RT, and Windows Server 2012.
The table below shows the breakdown of patches by Windows version and severity:
|Windows Server 2003||2||1||—|
|Windows Server 2008||2||1||1|
|Windows Server 2008 R2||2||2||1|
|Windows Server 2012||1||2||1|
|Windows Server Core||1||2||—|
One oddity in this preview announcement is that, although one bulletin (Bulletin 1) has patches for various versions of Internet Explorer, many of them have no severity rating assigned. Perhaps this is related to Microsoft’s efforts to get users to upgrade from older versions of the browser, something that is a Very Good Idea, most especially for those of you who may still be using Internet Explorer 6 (shudder!).
There is also one bulletin that affects Microsoft Office, which is rated Critical; it also affects Word Viewer, as well as Exchange Server, Share Point Server, and Office Web Apps. A final bulletin, rated Critical, affects only Exchange Server.
According to Microsoft, all five of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.
As always, this information is subject to change between now and the actual release of the bulletins next Tuesday. I will post a note here once the actual updates are available.