Microsoft announced Thursday that it is prepping 17 patches to close 40 vulnerabilities as part of its December security update.
The update, due Tuesday, will close holes in Windows, Office, Internet Explorer (IE), SharePoint and Exchange, according to an advanced notification bulletin. Of the 17 bulletins, two are rated "critical," 14 are deemed "important" and one is designated "moderate."
The patch batch will close two publicly known issues: an elevation-of-privilege flaw that has been used in conjunction with Stuxnet attacks – public exploit code is available – and an IE bug that was being exploited in the wild on at least one legitimate website.
"We encourage customers to review this month's bulletins and to prioritize their installation according to the needs of their environment," Mike Reavey, director of the Microsoft Security Response Center, wrote in a blog post Thursday.
2010 likely will close with Microsoft releasing a total of 106 patches. Reavey said the high number is due to a number of factors, including increasing vulnerability research and the long periods of time that Microsoft supports its products.