Microsoft Patch Tuesday for December

On 12 December 2006 Microsoft is planning to release 20 patches for its line of products. Out of these 20, six updates are security updates and 14 are non security updates.

Out of the six security updates, five security updates are for Windows and one is for the vulnerability in Visual Studio 2005 described in Microsoft Security Advisory 927709. The highest ratings of some of the updates is critical which means that attackers could execute random code remotely by exploiting those particular vulnerabilities. Microsoft has also advised that some of the updates will require a reboot, so some planning would be required before applying the updates.

Of the 14 NON-Security updates four are aimed at the Windows desktop operating system and will be released through Windows Update (WU) and Software Update Services (SUS). The remaining 10 updates are aimed at the Windows Server family and will be released through Microsoft Update (MU) and Windows Server Update Services (WSUS).

In addition to these updates, Microsoft will also release an updated version of its Anti-spyware software; Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Upate, Windows Server Update Services and Download center. This tool will not be made available through Software Update Services.

I will publish a detailed analysis of the updates once Microsoft releases it on Tuesday.