Patch Tuesday for December 2009, last of this year

Microsoft is set to release six patches on December 8, 2009. Three of the six patches are marked as "critical", Microsoft's highest security rating, while the other three patches are labeled as "Important". These six patches should be the last release package of the year from Microsoft.

Microsoft will be patching a remote code execution on fix out of six patches and one denial of service security hole. The six patches that will be released on Tuesday will patch holes in Windows, Microsoft Office, and Internet Explorer.

The patches will fix security holes in:

  • Internet Explorer 5, 6, 7 & 8
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 2 & 3
  • Windows Vista Service Pack 1 & 2*
  • Windows Server 2003 Service Pack 2*
  • Windows Server 2008 Systems Service Pack 2*
  • Office XP Service Pack 3
  • Office 2003 Service Pack 3

* Both 32bit and 64bit architecture

Windows 7 will not receive any updates, other than the Internet Explorer 8 patch, leaving Windows 7 with only one patch, which was released back in October.

Microsoft will be hosting a live webcast for anyone interested in asking questions about the security bulletins the day after the release, on December 9 starting at 11:00am PST. The webcast is scheduled to last 90 minutes and can be found here on TechNet.

Five of the six updates will require a restart.

Thanks to Ci7 for the news tip.

Report a problem with article
Previous Story

NOTICE: Essential Server Maintenance

Next Story

Online retailers predict record sales

19 Comments

Commenting is disabled on this article.

Seen as though normally they only do patches once a month, the December one is likely to be the last one of the year, or has a new month been added to the gregorian calander?

Exactly what I thought when reading the title in the Main page lol

I was about to wait until tomorrow to slipstream patches for some Windows 7 unattended instalaltions, but is there aren't new ones except for the IE monthly patch, I will carry on today to save me some time.

Bero said,
with no updates for win 7 .. that means sp is further delayed ?

Probably - W7 is quite stable already (provided you have recent drivers).

BiGdUsTy said,
A rollup pack for XP SP3 would be nice.



Never have figured what the sense of those rollup packs were?

They're nothing but the same patches that have already been released individually!

cork1958 said,
Never have figured what the sense of those rollup packs were?

They're nothing but the same patches that have already been released individually!

Take Windows 2000 which has near enough 80 updates on top of SP4. If a cumulative URP update is released then most of those get rolled into one update, one install. This means that you're not downloading a patch that replaces file x, then another that re-replaces file x and so on n times.
It saves bandwidth, it saves alot of time on installing - especially on XP and higher where by default it creates restore point for each patch install.

Microsoft can then reduce the scan database size for windows update, making WU run faster. If anyone has to repair install, it's a much faster process to get back up and running.

Lastly, anyone calling MS PSS can save time checking whether they have installed update x, y or z. The support rep can find out if they're using the newly required baseline patch (the URP) and if not tell them to go off, install that and come back rather than going through the entire update list to see if a fix was issued.

Microsoft historically have also thrown in one or two out of bound patches into their past URP's - for NT4, 2000 and XP SP1.