On December 9, Microsoft made available for download the last bouquet of security updates for 2008. the company released no less than eight security bulletins, six of them Critical and two rated as Important. Hot on the heels of the last round of patches for the year hitting Windows Update, the December 2008 Security Release ISO Image went live on the Microsoft Download Center. Via the Security Release ISO Image for the current month, the software giant is providing a single package for all the security updates designed for its Windows client and server operating systems, including Windows Vista Service Pack 1 and Windows XP Service Pack 3.

“As far as vulnerability counts go, this is the largest patch release since Microsoft started the 'Patch Tuesday' program back in late 2003. The release contains eight bulletins covering 28 vulnerabilities,” Symantec's Robert Keith revealed.

“Of those issues, 23 are rated 'Critical' and affect Word, Outlook, Internet Explorer, Visual Basic ActiveX controls, GDI, Windows Search, and Excel. All of the 'Critical' issues this month require some sort of user interaction, whether visiting a Web page that contains malicious content or viewing a malicious file. The remaining issues affect GDI, Windows Search, SharePoint, and Windows Explorer; they range in importance from 'Important' to 'Moderate.'”

Two operating systems not covered by the December 2008 Security Release ISO Image are the next iterations of the Windows client and server platforms. With Windows 7 and Windows Server 2008 R2 still in pre-Beta stage, Microsoft has offered updates for the two platforms, including a security patch, however, this is not the case for this month's security bulletins. In addition to Vista RTM/SP1 and XP SP2/SP3, the Security Release ISO is also designed for Windows 2000, Windows Server 2003, and Windows Server 2008.

The December 2008 Security Release ISO Image, aimed at customers that do not run automated patching solutions such as Windows Server Update Services, contains just three security bulletins, but delivers all the language versions for each update. The ISO offers Microsoft Security Bulletin MS08-071 (Critical) patching vulnerabilities in GDI, which could allow remote code execution, Microsoft Security Bulletin MS08-075 (Critical) plugging security holes in Windows Search, and Microsoft Security Bulletin MS08-076 (Important) resolving vulnerabilities in Windows Media Components.

The December 2008 Security Release ISO Image is available for download here.