Microsoft’s monthly advance notification bulletin and the last one for 2012 has been released to the public. This bulletin provides details for the security related updates that will be made available to Microsoft software users on 11 December 2012 via Windows Update and other update methods.
The advance notification indicates seven bulletins will be released and fixed. There are five labeled as critical and two as important and they address a total of 11 vulnerabilities. Six of them relate to Remote Code Execution and one for a Security Feature Bypass. All of the vulnerabilities being fixed on Windows clients and servers OS’s appear related to IE versions ranging from IE6 to IE10.
Exactly why are people still using those early versions of Internet Explorer anyway?
The updates impact the following Microsoft software:
Client
- Windows XP SP3/Windows XP Professional x64 SP2 (IE6, IE7 and IE8)
- Windows Vista SP2/Windows Vista SP2 (64 bit) (IE7, IE8, IE9)
- Windows 7/Windows 7 SP1 (32 and 64 bit) (IE8, IE9)
- Windows 8 (32 and 64 bit) (IE10)
- Windows RT (IE10)
Office Suite and Software
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2007 Service Pack 2
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 1 (32-bit editions)
- Microsoft Office 2010 Service Pack 1 (64-bit editions)
- Microsoft Word Viewer
- Microsoft Office Compatibility Pack Service Pack 2
- Microsoft Office Compatibility Pack Service Pack 3
Server
- Windows Server 2003 SP2 (32 and 64 bit) (IE6, IE7, IE8)
- Windows Server 2003 SP2 (Itanium) (IE6, IE7)
- Windows Server 2008 SP2 (32 and 64 bit) (IE7, IE8, IE9)
- Windows Server 2008 SP2 (Titanium) (IE7)
- Windows Server 2008 R2 (64 bit) (64 bit SP1) (IE8, IE9)
- Windows Server 2008 R2 (Itanium) (Itanium SP1) IE8
- Windows Server 2012 (IE10)
Server Software
- Microsoft Exchange Server 2007 Service Pack 3
- Microsoft Exchange Server 2010 Service Pack 1
- Microsoft Exchange Server 2010 Service Pack 2
- Microsoft SharePoint Server 2010 Service Pack 1
- Microsoft Office Web Apps 2010 Service Pack 1
Source: Microsoft security bulletin advance notification for December 2012