Each update contains multiple bulletins that address one or more software vulnerabilities in a specific product or component.
The 8 January update will contain two bulletins, both for components within Windows. Microsoft did not disclose exactly how many vulnerabilities will be patched in total.
The first bulletin has a maximum security rating of 'critical', Microsoft's highest level, and addresses vulnerabilities which could allow an attacker to remotely execute code on a user's system.
Flaws in Windows XP and Vista are both labelled 'critical', while Windows Server 2003 carries a lower 'important' security warning, and a Windows 2000 flaw is classified as 'moderate'.
The second bulletin carries a maximum security rating of 'important'. This warning level applies to Windows 2000, XP and Server 2003. Windows Vista is not listed as being vulnerable to the issues addressed by the second bulletin.
Microsoft is also planning to release two non-security updates for Windows, five non-security updates for other unspecified products and an update to its Windows Malicious Software Removal Tool.
All the updates will be available through Windows Update and Windows Server Update Services.
Microsoft kicks off 2008 with two patches
By Shaun Nichols on Jan 7, 2008 2:06PM