[Jochen]

in der Security Bulletin Advance Notification für Dezember 2008 werden acht neue Sicherheitsupdates angekündigt, von denen sechs als Kritisch und zwei als Hoch bewertet werden (siehe unten geordnet nach Schweregrad). Die Dezember Security Bulletins werden am 09.12.08 veröffentlicht.

Deutsche Infos findet Ihr in den nächsten Tagen unter: http://www.microsoft.com/germany/tec...l/default.mspx.

Weitere allgemeine Informationen zu Microsoft Security Bulletin Advance Notifications findet Ihr hier: http://www.microsoft.com/germany/tec...inadvance.mspx

_____________________________

What is the purpose of this alert?

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity, and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

On December 9, 2008 Microsoft is planning to release eight (8) new security bulletins. Below is a summary in order of severity.

New Bulletin Summary

This advance notification alert provides the software subject as the bulletin identifier because the official Microsoft security bulletin numbers are not issued until release. The bulletin summary that replaces the advance notification Web page will have the proper Microsoft security bulletin numbers as the bulletin identifier.

The following table summarizes the security bulletins for this month in order of severity. For details on affected software for each new bulletin, see the Affected Software section of the advance notification Web page at the link provided below the table.

Bulletin ID Maximum Severity Rating Vulnerability Impact Restart Requirement Affected Software
Windows 1 Critical
Remote Code Execution Requires restart Microsoft Windows
Windows 2 Critical
Remote Code Execution Requires restart Microsoft Windows
IE Critical
Remote Code Execution Requires restart Microsoft Windows, Internet Explorer
VB Critical
Remote Code Execution Requires restart Microsoft Developer Tools and Software, Microsoft Office
Word Critical
Remote Code Execution Does not require restart Microsoft Office
Excel Critical
Remote Code Execution Does not require restart Microsoft Office
SharePoint Important
Elevation of Privilege Does not require restart Microsoft Office, Microsoft Server Software
WMC Important
Remote Code Execution May require restart Microsoft Windows

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities, are subject to change until released.

Advance Notification Web Page: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at http://www.microsoft.com/technet/sec.../ms08-dec.mspx.

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Monthly Security Bulletin Webcast: To address customer questions on these bulletins, Microsoft will host a Webcast next week Wednesday at 11:00 A.M. Pacific Time (U.S. & Canada). Registration for this event and other details can be found at http://www.microsoft.com/technet/sec...n/summary.mspx.


At this time, no additional information on these bulletins, such as details regarding the vulnerability or severity, will be made available until the bulletins are published on Tuesday.

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's Web-based security content, the information in Microsoft's Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft CSS Security Team