Microsoft has announced seven bulletins that will be released December 11, 2012. The bulletins affect ALL Windows operating systems beginning with Windows XP and ending with Windows 8 and RT. Windows RT (tablet) users are not used to receiving patches on tablets, and this aspect makes it very unusual. Who knows, future patches may affect SmartPhones.
Five of the bulletins are rated critical, two are important. These bulletins will affect all currently supported Operating Systems, including Windows 8 and Windows RT.
Bulletin 1, rated critical, impacts Internet Explorer 9 and 10 on all platforms that support IE 9 and IE10, starting with Windows Vista, including Windows 7 and the new Windows 8 and RT.
Bulletin 2, rated critical, affects All versions of Windows, including Windows 8 and Windows RT.
Bulletin 3, rated critical, affects Microsoft Office. The main targets appears to be Microsoft Outlook and Microsoft Word.
Bulletin 4, rated critical, fixes a number of Microsoft server software products, including Microsoft Exchange and SharePoint. It also includes an update for Microsoft Office Web Apps 2010 Service Pack 1, which contain cloud versions of Microsoft Word, Excel, ....
Bulletin 5, rated important, covers a remote code execution issue in the Windows file handling component, affecting Windows XP through Windows 7. Fortunately, Windows 8 is not affected here. Essentially, when Windows Explorer parses a file name, it hits this vulnerability.
Bulletin 6, rated important, affects a vulnerability in Direct Play, affecting all versions of Windows from XP through Windows 8. If you use Direct Play to parse content in Office documents or things embedded in Office documents, this vulnerability will come into play. The Office documents will act as a vector, but it is a Windows level vulnerability.
Finally, bulletin 7, rated important, is a vulnerability in IP HTTPS, a component in Direct Access. Direct Access is a common VPN. Essentially, this is a bug that doesn’t honor the revocation of time stamp. This vulnerability would allow someone with a revoked certificate to log in and access corporate assets.
Bottom Line: Leave your Windows computers, servers, and Tablets turned on Tuesday night, and remember to reboot them Wednesday morning.
(If you use Linux or MAC operating systems, there are no updates)
Patch Tuesday occurs on the second Tuesday of each month, on which Microsoft regularly releases security updates and patches for Microsoft Products. Starting with Windows 98, Microsoft includes a "Windows Update" system that checks for Microsoft generated patches for all Windows versions and all Microsoft products like Microsoft Office, Visual Studio and SQL Server. Patch Tuesday usually begins at 6:00pm EST.
At times there is a need for other updates, calling for “an extraordinary Patch Tuesday”, that can occur 14 days after the regular Patch Tuesday. In addition, Microsoft provides constant updates to security products on a daily basis, that is, products like Windows Defender and Microsoft Security Essentials).
The patches are also called bulletins, because patches generally contain information along with the patch itself. Microsoft does not supply specific patch information within the advance bulletin that may allow spammers and hackers to circumvent the patch before it arrives.
Microsoft only patches it's own products. Adobe reader, Adobe Flash, and Java has their own monthly update system.
Linux and Apple operating systems do not require as much maintenance, meaning that you might only see one or two updates a year for these systems.
Unless you are running a program that is not compatible with a particular patch, Microsoft recommends that you install each and every patch so that you are protected against the Microsoft vulnerabilities.