Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle.
The year’s last scheduled batch of patches will address 11 vulnerabilities in all currently supported operating systems, including Microsoft Windows, Internet Explorer (IE 6-10), Office and the company’s Server Software.
If left unpatched, six of the seven bulletins could lead to remote code execution while the last could allow a hacker to bypass one of Windows’ security features.
Qualys’ Wolfgang Kandek notes on the company’s Laws of Vulnerabilities blog that the third bulletin, rated critical, affects Microsoft Word, suggesting the vulnerability may leverage Outlook to display documents without the users’ interaction.
The bulletin summaries will be released in their entirety next Tuesday, December 11 and per usual, the company is set to host a Technnet webcast discussing the vulnerabilities and patch management practices the following day, December 12 at 11 a.m.