Looks like we’ve got some interesting security updates coming tomorrow in Windows Update. The Security Bulletin Advance Notification for February 2012 lists 9 different bulletins for the upcoming release. Four of them are critical, and three of them involve various Windows versions from XP through Windows Server 2008 R2 and Windows 7 (one more involves the .NET Framework and Silverlight), and all of these involve remote code execution.
Each of the five remaining bulletin items is rated “Important” and involves either “remote code execution” (3) or “elevation of privilege” (2). In addition to current Windows versions (3), Microsoft Office (2)and Server applications (1) are affected. Every single update is labeled either “Requires restart” (4) or “May require restart” (5) so some deployment analysis and planning will be required to slipstream these updates into your normal handling processes.
The other shoe will drop tomorrow, when we find out exactly what kinds of threats are being addressed or mitigated, and what kinds of urgency enterprises are likely to feel in the face of the latest crop of update releases. It used to be that 9 for patch Tuesday was a big deal, but it’s becoming increasing commonplace to have half-a-dozen or more patched delivered “on-cycle” (2nd and 4thTuesday of each month) with the occasional truly urgent package delivered whenever it can be rushed out the door.