Microsoft plans hefty Christmas Patch Tuesday
IT departments will need to digest more than mince pies in the holiday run up.
Microsoft has issued its final Patch Tuesday release of 2011, with 14 bulletins, covering 20 vulnerabilities.
After a number of small releases, Microsoft has given IT departments an early Christmas present of three critical and 11 important bulletins.
The critical security holes affect Windows XP, Vista, and Windows 7, although only one affects the latter. Both Windows Server 2003 and 2008 are vulnerable, although the latter is only affected by one flaw.
"Five of the 'important' bulletins affect Office 2003, 2007 and 2010 including all Office versions for Macintosh as well," explained Wolfgang Kandek, chief technology officer at Qualys, who described this month's Patch Tuesday as "significant" in his blog post.
"One of the remaining bulletins addresses Internet Explorer 6 through 9 and the remaining bulletins apply to all versions of Windows."
A total of 10 could allow remote code execution, which will worry any IT departments wary of talented, malicious hackers.
Microsoft will release the bulletins on 13 December. To view the whole advisory, head to Microsoft's Tech Net.
To accompany the release, Microsoft has announced an update to its Microsoft Active Protections Program (MAPP) that should provide "greater transparency" over how partners use the information it shares with them.
"As of our most recent security advisory, we’ve started a new process of listing the partners who have confirmed that they released protection within 96 hours after the advisory release on a special web page," said Trustworthy Computing's Angela Gunn, in a blog post today.
"Naturally not every advisory applies to every partner, so we do not expect them all to report protections in place for every individual advisory."
IT departments will have a busy lead up to Christmas, given many will want to patch the latest zero-day threat to hit Adobe software
The software firm announced this week that a flaw affecting Reader and Acrobat was reportedly being exploited in the wild. Adobe is planning to issue a patch next week.