Microsoft has just provided advance notice of the patches that are scheduled to be released on January 14. The information is available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-jan. In just about all respects, its a light month. There are only four patches to be released. None of the four patches are classified as CRITICAL. All of the patches are classified as IMPORTANT and only one of the four (Bulletin #1) is a vulnerability that would allow remote code execution if successfully exploited.
Further, the vulnerability being addressed in Bulletin #1 only applies to Word installations of Microsoft Office 2007-2013 and SharePoint 2010-2013 or Office Web Apps 2010-2013 installations.
Two of the three remaining patches are limited to elevation of privilege vulnerabilities for Windows XP and Server 2003 (bulletin #2) only; and also Windows 7 and Server 2008 R2 (bulletin #3). The final patch is limited to a denial of service vulnerability in the Microsoft Enterprise Resource Planning products Microsoft Dynamics AX 4.0, Microsoft Dynamics AX 2010 and Microsoft Dynamics AX 2012.
As of this time, no other products widely deployed (such as Java or Flash) are scheduled to be patched on Tuesday, January 14.
This web article will be updated as additional details are made available.
Update Jan 10 8:10 a.m.
Updates for Java and Adobe Reader and Acrobat are also scheduled to be released on January 14.
Additional details are available at the following URLs
- Java (and other) Oracle updates to be released on Jan 14.
- Adobe Reader & Acrobat