Windows administrators will see seven security updates in the December 2007 Microsoft Security Bulletin Advance Notification, with three critical updates for Windows Server and Internet Explorer and four important updates for Windows.
In Windows Server, the three critical updates patch remote code execution vulnerabilities that could let hackers gain access to computers, usually over the Internet, to steal data or carry out spamming attacks.
The critical security updates affect Windows 2000 Server Service Pack 4, Windows Server 2003 SP1 and SP2 and Windows Server 2003 x64 Edition. Two of the updates also affect Windows Server 2003 SP2 for systems that run on Itanium-based hardware. Microsoft is also patching Windows XP SP2 and XP Professional x64 Edition SP2. The three critical updates also affect Windows Vista.
There are four updates that are rated important. Two of the four updates address remote code execution vulnerabilities, and the other two address vulnerabilities that hackers could use to elevate a user's privilege level and access important data.
There are also six non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS). In addition to those, Microsoft will release one non-security, high-priority update on Windows Update, or WU. More information on the non-security updates will be available next week.
To find out if computer systems need all or any of these updates, companies can use Microsoft Baseline Security Analyzer and its Enterprise Update Scan Tool.
Additionally, an updated version of the Microsoft Windows Malicious Software Removal Tool will be released on Dec. 11 on Windows Update, MU, WSUS and at Microsoft's download center.