Microsoft (NASDAQ: MSFT) will be addressing eight separate vulnerabilities in its first Patch Tuesday for the new year. According to the January 2012 Advance Notification released by the company, a total of seven bulletins will be addressed with one rated as "critical" and the rest "important."

The first six bulletins affect various versions of the Windows operating system, from Windows XP SP3 to Windows 7 and Windows Server 2008 R2. It is understood that the "critical" bulletin addresses a remote code execution issue in Media Player, while the seventh bulletin covers Microsoft Developer Tools.

In an email message, Paul Henry, security and forensic analyst at Lumension, indicated that the smattering of bulletins flagged as "important" essentially fixes the SSL weaknesses exploited by the Beast toolkit, various information disclosure issues, escalation of privilege issues and an update to Microsoft's SEHOP (Structured Exception Handling Overwrite Protection) technology.

As reported by Gregg Keizer on Computerworld, SEHOP is a label for an anti-exploit technology that was designed to block a now-common hacking technique first described in 2003. It is found inside Windows 7, Windows Server 2008 and Server 2008 R2, but disabled by default due to compatibility reasons. Keizer speculated that Microsoft may start enabling SEHOP by default with next week's Patch Tuesday.

Given how some of the updates may require a system restart, administrators can expect a busy week ahead. Moreover, Adobe (NASDAQ: ADBE) and Oracle (NASDAQ: ORCL) will also be releasing their quarterly security updates this month, on Jan. 10 and Jan. 17 respectively.

For more:
- check out this article at Computerworld
- check out this article at Search Security

Related Articles:
Internet Explorer to get silent updates
Microsoft plans hefty Patch Tuesday to close 2011
November Patch Tuesday sees just 4 bulletins, temporary Duqu fix