Microsoft just announced the November patches that are scheduled to be released on November 13. There are a total of six patches to be released. Four of the patches are designated as CRITICAL, one designated as IMPORTANT, and one designated as MODERATE.
The critical patches apply to the following Microsoft products:
Workstation Operating Systems
- Windows XP SP3 and SP2 (64 and 32 bit respectively)
- Windows Vista SP2 (32 and 64 bit)
- Windows 7 base and SP1 (32 and 64 bit)
- Windows 8 (32 and 64 bit)
Server Operating Systems
- Windows Server 2003 (32, 64 bit and Itanium)
- Windows Server 2008 SP2 (32, 64 bit and Itanium)
- Windows Server 2008R2 base and SP1 (64 bit and Itanium)
- Windows Server 2012
Windows Tablet Systems (also known as RunTime)
- Windows RT
- Internet Explorer version 9 on Windows Vista (all versions)
- Internet Explorer version 9 on Windows 7 (all versions)
The IMPORTANT patches apply to the following products:
Office Suites and utilities
- Microsoft Excel 2003 SP3
- Microsoft Excel 2007 SP2 and SP3
- Microsoft Excel 2010 SP1 (32 and 64 bit)
- Microsoft Office for Mac 2008
- Microsoft Office for Mac 2011
- Excel Viewer
- Microsoft Office Compatibility pack SP2 and SP3
As Internet Explorer is included for most current Windows Workstation operating systems, it is expected that a recommendation to patch workstations as soon as possible will be issued following the release of the patches on November 13. However, as no details are currently available, this announcement is all that is being provided at this time. Additional information will be available on Tuesday, November 13.
Additionally, if you have Adobe Flash or Air installed, a security patch was released for those products on November 6. It can be downloaded from – http://www.adobe.com/support/security/bulletins/apsb12-24.html
Update November 14, 8:00 a.m.
On Tuesday, November 13, Microsoft provided additional details on the November patches. Based on the information available, it is recommended that Windows workstations and servers should be patched as soon as possible.
Due to the fact that the vulnerability was not disclosed publicly prior to November 13, there does not appear to be an immediate risk for remote code execution exploitation. However, according to analysis from Microsoft (http://blogs.technet.com/b/srd/archive/2012/11/13/assessing-risk-for-the-november-2012-security-updates.aspx ), reliable exploit code is likely to materialize in the next 30 days for the vulnerabilities patched in MS12-071 and MS12-072