Tue, Dec 16 2008 16:13 Don

Out-of Band Microsoft Security Bulletin Advance Notification for December 2008

Issued: December 16, 2008

This is an advance notification of an out-of-band security bulletin
that Microsoft is intending to release on December 17, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for December 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx.

This bulletin advance notification will be replaced with the
revised December bulletin summary on December 17, 2008. The revised
bulletin summary will include the out-of-band security bulletin as
well as the security bulletins already released on December 9, 2008.

For more information about the bulletin advance notification service,
see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host two webcasts to address customer questions on
this out-of-band security bulletin: on December 17, 2008, at 1:00 PM
Pacific Time (US & Canada) and December 18, 2008, at 11:00 AM
Pacific Time. Register for these out-of-band Security Bulletin
Webcasts at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:


Critical Security Bulletin

IE Bulletin

  - Affected Software:
    - Internet Explorer 5.01 Service Pack 4 when installed on
      Microsoft Windows 2000 Service Pack 4
    - Internet Explorer 6 Service Pack 1 when installed on
      Microsoft Windows 2000 Service Pack 4
    - Internet Explorer 6 for
      Windows XP Service Pack 2 and
      Windows XP Service Pack 3
    - Internet Explorer 6 for
      Windows XP Professional x64 Edition and
      Windows XP Professional x64 Edition Service Pack 2
    - Internet Explorer 6 for
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Internet Explorer 6 for
      Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Internet Explorer 6 for
      Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Internet Explorer 7 for
      Windows XP Service Pack 2 and
      Windows XP Service Pack 3
    - Internet Explorer 7 for
      Windows XP Professional x64 Edition and
      Windows XP Professional x64 Edition Service Pack 2
    - Internet Explorer 7 for
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Internet Explorer 7 for
      Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Internet Explorer 7 for
      Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Internet Explorer 7 in
      Windows Vista and
      Windows Vista Service Pack 1
    - Internet Explorer 7 in
      Windows Vista x64 Edition and
      Windows Vista x64 Edition Service Pack 1
    - Internet Explorer 7 in
      Windows Server 2008 for 32-bit Systems
    - Internet Explorer 7 in
      Windows Server 2008 for x64-based Systems
    - Internet Explorer 7 in
      Windows Server 2008 for Itanium-based Systems

    - Note for Windows Internet Explorer 8 Beta 2
      This vulnerability was reported after the release of Windows
      Internet Explorer 8 Beta 2. Customers running Windows Internet
      Explorer 8 Beta 2 are encouraged to download and apply the
      update to their systems when the bulletin is published.

    - Impact: Remote Code Execution
    - Version Number: 1.0


Other Information

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and Microsoft
update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
  Article 894199, Description of Software Update Services and
  Windows Server Update Services changes in content for 2008.
  Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
  Revised, and Released Updates for Microsoft Products Other Than
  Microsoft Windows

Filed under: