This month, Microsoft is planning for 7 bulletins, of which 5 are critical and 2 are important. The software giant released its advance notification for Patch Tuesday a few minutes ago. Two patch management experts have sent me their early analysis. Here it is, in full:

Paul Henry, Lumension:

This month, there are 7 bulletins, of which 5 are critical and 2 are important. Fortunately, none are currently under active attack, so that should set IT’s mind at ease as they begin to apply this set of patches.

Since 2012 is coming to an end, let’s start off with a quick look at the numbers year-over-year. In 2011, Microsoft had 100 bulletins for the calendar year, of which 34 were critical, 63 important and 3 moderate. In 2012, they reduced the number of bulletins by close to 20 percent, coming in at 83 bulletins for the year, of which 35 were critical, 46 important and 2 moderate. It’s great to see that Microsoft’s Secure Coding Initiative is paying off, reducing the number of vulnerabilities in their software, resulting in an easier time for IT at Patch Tuesday time.

Another trend that’s interesting to note is Microsoft’s consistency. When you look at the numbers in depth, you can see that in 2011 there was a bit of yo-yo’ing going on with Patch Tuesday. For example, in January there were 2 bulletins, while February had 12. March then went back down to 3, but April went up to 17, while May went down to 2 and June back up to 16. IT might have felt like they had whiplash by the end of the year! In contrast, January of this year had 7, a slight increase to 9 in February, then 6 in both March and April, and 7 in both May and June. In fact, only one month – September, at 3 – was lower than 6 or higher than 9. The degree of consistency makes it easier for IT to plan out the time and effort they’ll need to spend on Patch Tuesday each month.

Now, onto this month’s bulletins!

The most important bulletin is Bulletin 1, affecting IE 9 and IE 10. It’s a critical severity rating. These are use-after-free issues. They affect only components that were introduced in IE 9, which is interesting, because it means that it affects IE 9 and IE 10 and the downlevel platforms don’t really have the components. Microsoft has done some defense-in-depth hardening for those platforms to address these issues. However, because those platforms don’t have the affected components, they were not given a severity ranking.

The next priority is Bulletin 3, which is a Microsoft Word remote code execution vulnerability. While typical Word vulnerabilities are ranked important, this is ranked critical. Similar to a bulletin issued a few months ago, there’s an issue with RTF-formatted data that can be parsed in the Outlook Preview Pane, executing the vulnerability. Because of that parsing, this will be very important to apply quickly.

Next, Bulletin 2 is a kernel-mode drivers issue, ranked critical. Similar to a bulletin last month, this affects TrueType and OpenType parsing. However, because executing on this vulnerability would be time consuming and difficult, this is less important than the Word and IE issues.

Bulletin 4 is an Exchange vulnerability involving a remote code execution. A few months ago, Microsoft addressed Oracle Outside In vulnerabilities for the first time. This is a similar update addressing the recent Oracle update to Outside In. There’s never been an active attack on this, but it’s an important component, so it’s good to see Microsoft performing their due diligence here.

Then we have Bulletin 5, a remote code execution issue in the Windows file handling component, affecting Windows XP through Windows 7. Fortunately, Windows 8 is not affected here. Essentially, when Windows Explorer parses a file name, it hits this vulnerability.

Bulletin 6 affects a vulnerability in DirectPlay, affecting all versions of Windows from XP through Windows 8. As we said last month, Windows 8 is unfortunately not perfect, security-wise, and we can expect updates for that operating system to become more common in 2013. If you use DirectPlay to parse content in Office documents or things embedded in Office documents, this vulnerability will come into play. The Office documents will act as a vector, but it is a Windows-level vulnerability.

Finally, Bulletin 7 is a vulnerability in IP-HTTPS, which is a component in DirectAccess. DirectAccess is a common VPN authentication solution that checks corporate credentials when you log in to ensure they have not been revoked or expired. Essentially, this is a bug that doesn’t honor the revocation of time stamp, as you might see for corporate credentials after an employee leaves a company. This vulnerability would allow someone with a revoked certificate to log in and access corporate assets. This is ranked important if you use DirectAccess.

Alex Horan, senior product manager, CORE Security:

Bulletin 1. Appears to target IE 6, 7, 8, 9 and 10, marked as critical for Vista, Windows 7, Server 2008 R2, Windows 8 and Windows RT (moderate for Server 2008 & 2008 R2, 2012). This is a good one, a client side for Windows 7 and 8. A very attractive exploit for attackers to have.

Bulletin 2. This may be a network or local exploit that is marked as Critical for XP SP3, Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP0 & SP1, Server 2008 R2 SP0 & SP1, Windows 8, Windows RT. Man, this is really the entire Windows family! They don’t say if this is a vulnerability on those systems that could be attacked over the network or if you need to be able to run code locally, but having an exploit that would potentially work against a wide range of Windows systems is a great utility to have in your bag.

Bulletin 3. Rated as Important for Word 2003 SP3 and Critical for Word 2007 SP2 & SP3 and Word 2010 SP1. This is classic client-side fodder: send an email with a job offer attached, or the new 401k plan attached, and get control of a user’s machine; plus, if you exploit Bulletin 2, you get control of everything.

Bulletin 4. Wowser! A Critical vulnerability in Exchange 2007 SP3 and 2010 SP1 & SP2 – internet-facing servers with a Remote Code Execution vulnerability, and email servers. You don’t just randomly turn off email servers without generating howls of protest from your company to fix this one. This is my number one vulnerability in the bunch.

Bulletin 5. Critical for Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP0 and SP1, Windows 2008 SP0 & SP1. If they had added Windows 8 then this would have been my new favorite; still, that list represents a large percentage of the Microsoft operating systems that are installed out there.

Bulletin 6. Well, after the rest, an important vulnerability for Windows XP, Vista, 7, 8 and Server 2003, 2008, 2012 just doesn’t get a rise out of me. Given the other vulnerabilities are rated as critical, this one will get a pass from security researchers; they are going to feast on the first five bulletins of goodness.

Bulletin 7. It is not really clear what the bypass is, but as it only affects Windows Server 2008 and 2012 this again is a lower-ranked issue – though I expect people will be quite curious about what the bypass is, as where there is one bypass there may be others.