Microsoft just announced their December 2010 patch Tuesday plans with the release of their Advanced Notification.  Tell me if you have heard this before, the December 2010 patch Tuesday will be the biggest patch Tuesday on record from Microsoft.  Microsoft is planning on releasing 17 new security bulletins addressing 40 vulnerabilities.

Bulletin Severities

  • 2 bulletins are rated as - Critical
  • 14 bulletins are rated as - Important
  • 1 bulletin is rated as - Moderate

Vulnerability Impacts

  • 10 bulletins can lead to Remote Code Execution
  • 4 bulletins can lead to Elevation of Privilege
  • 3 bulletins can lead to Denial of Service

Affected Products (this month will more than likely be affecting all of your machines on your network)

  • All supported versions of Microsoft operating systems
  • All supported versions of Internet Explorer
  • Office XP, 2003, 2007, 2010
  • Publisher 2002, 2003, 2007, 2010
  • Office SharePoint Server 2007
  • Exchange Server 2007

This could be particularly challenging for administrators this month.  But, this is not because of the sheer number of bulletins only.  This is the time of the year that vacations are planned and spent over the holidays.  With this many bulletins, check your calendar and plan accordingly.

Looking back through this year, the recurring theme has been a record breaking month, followed by another, and another.  Needless to say, a trend has been established.  As each 'light' month is typically followed by a 'heavy' month, we should not be surprised next year that we are back on this topic (possibly as soon as February).

Looking back this year you can see the number of bulletins, added each month by Microsoft, is increasing.

In fact, this is the first time we will be seeing a bulletin number in the hundreds.  If all 17 bulletins are released Tuesday, we will see bulletins through MS10-106.  If it seems that you have spent a lot of time patching this year, you are correct; just compare this year's bulletin number with previous years:

  • 2010 - 106 Microsoft Security Bulletins
  • 2009 - 74 Microsoft Security Bulletins
  • 2008 - 78 Microsoft Security Bulletins

 That is right, 106 new Microsoft Security Bulletins in one year.

Stay tuned, more information to come on Patch Tuesday.  I will be holding our monthly webinar on Wednesday, December 15th to review the patches from patch Tuesday.  You can register for the event here.

- Jason Miller