Microsoft’s last Patch Tuesday for 2010 is due tomorrow and it looks like system administrators will have their hands full in the run-up to the holiday break. According to its advance notification for the December batch of updates, the company plans to issue 17 bulletins addressing a total of 40 vulnerabilities – the biggest in its history, it seems. Only two have a maximum rating of critical, though, while 14 are designated as important and one is rated moderate.
The security bulletins cover a wide range of Microsoft software including all versions of Windows, as well as Internet Explorer, Microsoft Office, SharePoint, and Exchange. Among the vulnerabilities being addressed is a privilege escalation bug exploited by the infamous Stuxnet worm, as well as an Internet Explorer zero-day issue that the company warned users about last month and has seen some exploits in the wild.
As usual, there will also be an update for the Windows Malicious Software Removal tool as well as Windows Mail Junk Filter and “one or more non-security, high-priority updates.” Along with the announcement Microsoft Security Response Center director, Mike Ravey, offered a look back at 2010
revealing that the latest round of security bulletins puts the total at 106 for the year – up 43 percent from the 74 security bulletins deployed in 2009. More details will come with the release of the patches tomorrow, but in the meantime, Microsoft's advance notification can be found here