Well we have arrived at the end of 2010 and the final scheduled Patch Tuesday security updates will come out next Tuesday, 14 December 2010. With this months bulletins that brings the total number issued in 2010 to 106 – a record number for Microsoft.
The December 2010 advance notification bulletin has been released and here is a summary of what to expect next week with these updates.
December 2010 Patch Tuesday
- 17 bulletins
- 40 vulnerabilities
- 2 Critical, 14 Important and 1 Moderate
Affected Software
- Microsoft Windows
- XP SP3
- XP Pro x64 SP2
- Server 2003 SP2
- Server 2003 X64 SP2
- Server 2003 Itanium
- Vista SP1 and SP2
- Vista x64 SP1 and SP2
- Server 2008
- Server 2008 SP2
- Server 2008 X64
- Server 2008 SP2
- Server 2008 Itanium
- Windows 7
- Windows 7 x64
- Server 2008 R2 x64
- Server 2008 R2 Itanium
- Microsoft Office
- XP SP2
- 2003 SP3
- 2007 SP2
- Office 2010
- Office 2010 x64
- Microsoft Works 9
- SharePoint Server
- 2007 SP2
- 2007 x64 SP2
- Microsoft Exchange Server
- 2007 x64 SP2
The monthly webcast is also scheduled:
Date: Wednesday, December 15
Time: 11:00 a.m. PST (UTC -8)
Registration: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID= 1032454441
Normally Microsoft does not reveal the specific areas or vulnerabilities in the advance notification summary however, the do specifically mention two fixes that are in this patch update:
We’re addressing two issues this month that have attracted interest recently. First, we will be closing the last Stuxnet-related issues this month. This is a local Elevation of Privilege vulnerability and we’ve seen no evidence of its use in active exploits aside from the Stuxnet malware. We’re also addressing the Internet Explorer vulnerability described in Security Advisory 2458511. Over the past month, Microsoft and our MAPP partners actively monitored the threat landscape surrounding this vulnerability and the total number of exploit attempts we monitored remained pretty low.
As I was reading the advance notification summary I did come across a line in it which I found to be quite entertaining. It was a reference to Windows XP SP2:
Microsoft supports products for up to ten years. (One of our most popular operating systems from the turn of the century, XP SP2, reached its end-of-support life in mid-2010, in fact.)
The bold and italics are mine. I just love the reference to the turn of the century. I do believe that is being said with tongue firmly planted in their cheek.