Microsoft will release 14 bulletins on its final Patch Tuesday of 2011.
The bulletins address 20 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Publisher and Windows Media Player; the advance notification confirmed that the release is scheduled for Tuesday 13 December.
Three of the bulletins are rated as critical and address remote code execution vulnerabilities in Windows; the remaining 11 are all rated as important and address remote code execution, elevation of privilege and information disclosure flaws.
Paul Henry, security and forensic analyst at Lumension, said: “Think the ‘12 Days of Christmas’: on this Patch Tuesday before Christmas Microsoft gave to me, three critical patches, 11 important ones and a patch for the Duqu vulnerability.
“While at first glance 14 bulletins seem like a lot, there are only three critical patches this month with the balance being important at best. Included are a few old issues that will be put to rest, including last month's Duqu Trojan.”
Wolfgang Kandek, CTO of Qualys, said: “The Microsoft holiday Patch Tuesday release will be substantial. We will get 14 bulletins for a total of 20 CVEs. Only one of the critical vulnerabilities applies to Windows 7. On the server side, both Windows 2003 and 2008 are vulnerable, but again the newer 2008 is better than 2003, with only one vulnerability applicable.
“Five of the ‘important’ bulletins affect Office 2003, 2007 and 2010, including all Office versions for Macintosh as well. One of the remaining bulletins addresses Internet Explorer 6 through 9, and the remaining bulletins apply to all versions of Windows.”