
December Patch Tuesday: 'Christmas Present For The Bad Guys'
5:10 PM EST Thu. Dec. 06, 2012

Microsoft's Patch Tuesday software updates will require system reboots just as IT administrators and channel partners are the most nervous about anything that might potentially cause service interruptions.
Furthermore, many of the current vulnerabilities expose the full history of Windows operating systems, leading Alex Horan, senior product manager at CORE Security, to describe this Patch Tuesday as a "Christmas present for the bad guys."
"Cybercriminals are very happy when they can launch one attack across multiple OSes," he said. "This Patch Tuesday has vulnerabilities that are repeated across the entire Microsoft family and affect the core of the OS. So the bad guys can write one exploit and basically attack every Windows machine out there. To write one piece of code and have it work against everything is just Nirvana."
Among the seven bulletins in this month's list, five are marked as critical, as a result of the risk of remote code execution.
Bulletin 4 arguably dominates the pack this month. It involves a critical remote code execution vulnerability in Exchange 2007 SP3 and Exchange 2010 SP1 and SP2.
"Both of those systems, by design, face the Internet," said Horan. "They have to in order to accept email. So the attacker no longer has to be in the network or run code on Windows machines. They just have to send an email or connect to the port where you receive email. Restarting the Exchange Server needs to be done at a time when it's not going to impact business, so this one could be somewhat troublesome."
The mission-critical nature of Microsoft Exchange is especially emphasized during the holiday season.
"I think it's fair to say that anybody running Windows is going to need to patch and reboot next week," said Andrew Storms, director of security operations at nCircle. "Every SKU of Windows is affected here in one manner or another. And we're in a time of the year when a lot of people aren't going to want to reboot. They want to focus on sales, and they can't afford any downtime with holiday shopping, so it's tempting to put these on hold and wait until January."
But Storms added that once the specifics of the vulnerability are announced on Tuesday, hackers will immediately be on the lookout for vulnerable pieces of code. "You have to determine the risk for yourself and for your company, and it could be that the mitigation can be executed without much downtime or interruption," he added.
Among the other bulletins, Bulletin 1 is aimed at closing an exploit that appears to target Internet Explorer versions 6 through 10, and is marked as critical for Vista, Windows 7, Server 2008 R2, Windows 8 and Windows RT. It also applies to Server 2008, 2008 R2 and 2012, where it is ranked as moderate.
Bulletin 2 is marked as Critical for XP Service Pack 3, Windows 2003 Service Pack 2, Vista Service Pack 2, Server 2008 Service Pack 2, Windows 7, Server 2008, Windows 8 and Windows RT. Bulletin 5 impacts much the same family with the exception of Windows 8.
Bulletin 3 involves a remote code execution opportunity in Microsoft Word. Bulletin 5 is a remote code execution vulnerability in the Windows file handling component of Windows XP, Vista and Windows 7.
The remaining two bulletins are rated as important. Impacted products include all versions of the Windows operating system.
"Right now it appears that everything is likely to be on the down low instead of exploited in the wild," summarized Horan. "But security professionals better get a good night's sleep on Monday, because you're not going home for a while on Tuesday."