"Maybe they are busy prepping for CES, but Microsoft only plans to issue two patches for the first Patch Tuesday of the new year. Both patches will deal with code execution vulnerabilities in the Windows Vista operating system. One will be rated "critical," while the other received an "important" rating from the Redmond company.
The critical patch affects not only Vista, but all versions of the Windows operating system, while the important patch is also intended for Windows 2000, XP, and 2003. FrSIRT may provide some idea as to what these patches may be: it currently lists a critical buffer overflow vulnerability in Microsoft DirectX, and a "moderate risk" flaw in the Windows CFileFind class."