Microsoft rated one of the bulletins "Critical" and one "Important." Both pertain to the Windows operating system.
The "Critical" bulletin affects Windows Vista, Windows XP Professional x64 Edition Service Pack 2, and Windows XP Service Pack 2. It also affects some Windows 2003 configurations but only at the "Important" level of severity. For Windows 2000 SP4 users, the rating is merely "Moderate."
The "Important" bulletin affects various versions of Windows, though not Vista.
Microsoft does not disclose specifics about the vulnerable software it will be patching. One of the bulletins may address a zero-day exploit, "Windows Media Player 6.4 MP4 Stack Overflow," published just before Microsoft's December 2007 patch.
Microsoft will publish the actual bulletin next week on Jan. 8, 2008.
"As always, we'll be holding the January edition of the monthly security bulletin webcast on Wednesday, January 9, 2008 at 11 a.m., Pacific Standard Time," said Bill Sisk in a blog post on the Microsoft Security Response Center. "We will review this month's release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can't make the live webcast, you can listen to it on-demand as well."
In December 2007, Microsoft issued seven bulletins, three of which were rated "Critical" and four of which were rated "Important." In November, Microsoft issued two bulletins, one "Critical" and one "Important."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.