According to the Microsoft Security Response Center, Microsoft will issue a single Security Bulletin on Tuesday, and it will host a webcast to address customer questions about the bulletin the following day (January 13 at 11:00am PST, if you’re interested). The vulnerability is rated “Critical” and it earned the rating through a remote code execution impact, meaning an attacker could potentially gain control of a vulnerable machine. The single patch may require a restart.
The list of affected operating systems includes Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2 (32-bit and 64-bit). Microsoft noted that the vulnerability is critical only on Windows 2000, and it is low for all other platforms.
Microsoft will not be releasing any patches for Microsoft Office or Internet Explorer this month. If you’re wondering, the SMB hole in Windows 7 and Windows Server 2008 R2, disclosed in November 2009, will not be addressed either. Microsoft says it is still working on an update for the issue and that it is not aware of any active attacks using the exploit code that was made public.
Along with this patch, Microsoft is also planning to release the following on Patch Tuesday:
- One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
- One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
- An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center
This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches as well as pull them if it deems it necessary.