Windows 7: Microsoft Plans Massive Patch Tuesday to Close 2011

The good news, if you can call it good news, is that only three of the 14 security bulletins are rated as Critical. The bad news is that all of the remaining 11 are still rated as Important, and some of the vulnerabilities addressed in the Important security bulletins could be very attractive to would-be attackers.

The 14 security bulletins are comprised of seven impacting Windows, five related to Microsoft Office, one dealing with Windows Media Player, and the consistent monthly update for Internet Explorer. As per usual, the flaws identified tend to impact legacy software like Windows XP and Internet Explorer 6 more than current products.

Another spark of good news is that it appears that Microsoft will issue a patch for the vulnerability exploited by the Duqu worm. While the information in the security bulletin advance notification from Microsoft is intentionally vague, Rapid7 security researcher Marcus Carey points out that Bulletin 1 seems to address the same flaw being exploited, and that it requires a reboot--indicating that it is likely a kernel level patch.

Microsoft isn’t the only one closing 2011 with a bang, though. Qualys CTO Wolfgang Kandek notes in a blog post that Adobe plans to issue an out-of-band patch for Adobe Reader and Acrobat 9 to address a zero day flaw that is currently being exploited in the wild.