Microsoft has released their advanced notification for the December 2011 edition of Patch Tuesday.  Microsoft is giving the gift of 14 security bulletins addressing 20 vulnerabilities this holiday season.

Security Bulletin Breakdown:

  • 3 bulletins rated as Critical
  • 11 bulletins rated as Important
  • 10 vulnerabilities could lead to Remote Code Execution
  • 1 vulnerability could lead to Information Disclosure
  • 3 vulnerabilities could lead to Elevation of Privilege

Affected Products:

  • All supported Microsoft Operating systems
  • Publisher 2003, 2007
  • Excel 2003
  • PowerPoint 2007, 2010
  • Office 2007, 2010
  • PowerPoint Viewer 2007
  • Office Compatibility Pack 2007

On the non-Microsoft front, Adobe released a security advisory (APSA11-04) for a zero-day vulnerability affecting Adobe Acrobat/Reader 9/10 on December 6th.  Adobe is planning to release a patch for Adobe Acrobat and Reader version 9 during the week of December 12, 2011.  In other words, Adobe will be joining Microsoft's Patch Tuesday this month.  Adobe Acrobat and Reader 10 are also affected by this vulnerability, but Adobe's Protected View prevents the exploitation of the vulnerability.  For Adobe Acrobat and Reader 10, Adobe will release a patch during the January 2012 Patch Tuesday.

With administrators commonly taking vacations this time of year, the large number of security bulletins Microsoft is planning to release may seem a bit unfair.  However, this is in line with past typical Microsoft December Patch Tuesdays.

Last year, Microsoft released 17 security bulletins during the December 2010 Patch Tuesday.  This brought the total number of security bulletins released by Microsoft in 2010 to 106.  With the December 2011 Patch Tuesday security bulletins, the grand total for released security bulletins for 2011 will bring us to 100.

Stay tuned for more 2011 year in review information.  Later this month I will be releasing "Patching Year in Review" information.

I will be talking about December's Patch Tuesday next Wednesday, December 14th at 11:00am CST in part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

- Jason Miller