Seven bulletins are planned in whole are planned for the 11 December release. Each bulletin fixes one or more vulnerabilities in a specific software component.
The December release will patch critical vulnerabilities in three software components. Each of the three critical fixes affect Windows Vista, XP, and Windows 2000 and each of the three fix flaws which could allow an attacker to remotely execute code on a targeted system.
Among the critical fixes is at least one flaw in Internet Explorer. The bulletin is rated as critical for both versions 6 and 7 of the browser and could allow for remote code execution.
The nature of the patch was not disclosed, but earlier this week, Microsoft disclosed a flaw in IE's web proxy handling which could potentially allow an attacker to commit a "man in the middle" attack against a user.
Also receiving a critical fix will be DirectX. The graphics software component has been deemed vulnerable to a remote exploit which could allow an attacker to run malicious code. DirectX versions 7 through 10 are subject to the bulletin.
The third of the three critical fixes is for Windows Media Format Runtime in Windows XP, 2000, and Vista as well as Windows Media Services on Windows Server 2003.
Tuesday's update will also fix four flaws rated "important" by Microsoft. The bulletins address two issues in Windows Vista, one in Windows XP, and one in Windows 2000.
Seven patches to cap Microsoft's year
By Shaun Nichols on Dec 11, 2007 7:03AM