Microsoft Patch Tuesday for December 2009

Microsoft will release six security bulletins this Tuesday. Three are rated as “Critical” and the other three are marked “Important.”

According to the Microsoft Security Response Center, Microsoft will issue six Security Bulletins on Tuesday, and it will host a webcast to address customer questions about the bulletins the following day (December 9 at 11:00am PST, if you’re interested). Three of the vulnerabilities are rated “Critical,” and the other three are marked as “Important.” All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least five of the six patches will require a restart.

The list of affected operating systems includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), Windows Server 2008 (x86 and x64), Windows 7 (x86 and x64), and Windows Server 2008 R2 (x86 and x64).

In terms of the Microsoft Office suites, only Office XP and Office 2003 are affected. In addition, Project 2000, Project 2002, Project 2003, Microsoft Works 8.5, and Microsoft Office Converter Pack are also vulnerable.

The exact breakdown of the bulletins is as follows:

* Bulletin 1: Critical (Remote Code Execution), Windows
* Bulletin 2: Important (Remote Code Execution), Windows, Office
* Bulletin 3: Critical (Remote Code Execution), Office
* Bulletin 4: Critical (Remote Code Execution), Windows, Internet Explorer
* Bulletin 5: Important (Denial of Service), Windows
* Bulletin 6: Important (Remote Code Execution), Windows

If you’re wondering, the Internet Explorer hole Microsoft is plugging is indeed the one we reported on last month that affects both Internet Explorer 6 and Internet Explorer 7, but not Internet Explorer 8.