This patch Tuesday will be one of the lightest ones for security in recent memory. According to the Security Bulletin Advance Notification for this month, Microsoft will only be releasing one patch for Windows, and none for Internet Explorer or Office. The patch will be issued on Tuesday, January 12, and will be followed on January 13 by a 90 minute webcast at 11:00 AM Pacific. In addition to the one patch for Windows, Microsoft will also release an updated version of the Malicious Software Removal Tool.
The patch is considered critical for Windows 2000 users, and low for all other versions, and relates to a remote code execution venerability. Effected operating system versions include every currently supported edition both on the client and server side:
- Windows 2000 Service Pack 4 [Critical]
- Windows XP Service Pack 2 & Service Pack 3
- Windows XP x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2 (32-bit, 64-bit & Itanium)
- Windows Vista Service Pack 1 & Service Pack 2 (32-bit & 64-bit)
- Windows Server 2008 Service Pack 2 (32-bit, 64-bit & Itanium – except Server Core installs)
- Windows 7 (32-bit & 64-bit)
- Windows Server 2008 R2 (64-bit & Itanium – except Server Core installs)
Microsoft will still be releasing one or more non-security but high-priority update through Windows Update and Windows Server Update Services, but has not yet disclosed details.