Microsoft Patch Tuesday 12/13/2011

Microsoft Holiday Patch Tuesday release will be substantial 20 bulletins. Out of the 20, three are of the highest severity level, "critical", and affect Windows XP, Vista, and Windows 7. Only one of the critical vulnerabilities applies to Windows 7. On the server side, both Windows 2003 and 2008 are vulnerable, but again the newer 2008 is better than 2003, with only one vulnerability applicable.

Five of the "important" bulletins affect Office 2003, 2007 and 2010 including all office versions for Macintosh as well. One of the remaining bulletins addresses Internet Explorer 6 through 9 and the remaining bulletins apply to all versions of Windows.

In addition, users of Adobe Reader 9 can expect an update that will address the current 0-day vulnerability CVE-2011-2462 in Adobe Reader and Acrobat. Since exploits for the vulnerability are already in the wild, Adobe has stated that they will deliver a high priority update out-of-band next week, so it is available earlier than their next scheduled release in January 2012. Alternatively (and better IMHO) you could update your users to Adobe Reader X. While it contains the vulnerability, cannot be successfully exploited due to its sandboxing features.

Bottom Line: Leave your computers on tonight and reboot in the morning.