Introduction: Why a Consumer Electronics Show should matter to an enterprise-focused leader.

Microsoft on Thursday issued an advance notice for its December security bulletins, which will  be released on December 14 and will include 17 updates designed to address 40 vulnerabilities in Windows, Office, Internet Explorer, SharePoint, and Exchange.

Microsoft issues these advance notifications every month before the updates themselves are released, so that users can prepare for testing and deployment of the patches. December's release sets a record number of patches from Microsoft this year, beating the number of patches released by the software giant in October by one.

Microsoft reportedly sold just 40,000 Windows Phone 7 phones in its opening day on sale Monday, dwarfed by Apple's 600,000 pre-orders for the iPhone 4 on its first day and Google's boost that it is activating more than 200,000 Android phones per day.

The report by TheStreet.com citing "a market research source who tracks phone sales" dovetails with new research from the IHL Group that shows relatively little interest among current smartphone users in Windows Phone 7. The IHL study announced this week found that more than 56 percent of current smartphone users are seriously considering an Apple iPhone and 44 percent an Android device for their next smartphone, while only 24 percent are considering a BlackBerry and a paltry 10 percent gave Microsoft's Windows Phone 7 any serious consideration. The study is based on a survey of 570 consumers and 66 retailers, the research firm said.

Microsoft recently released its latest Security Intelligence Report, this time focusing on the power of botnets and what enterprises can do to defend against them.

Like many security vendors, Microsoft releases a periodic report (this one covering the first half of 2010) that details which security threats it has found particularly menacing of late. The goal is to help IT managers make risk management decisions and, if necessary, adjust their security postures based on the changing threat landscape, says the company. In addition to highlighting key findings, this version of the report drills down into how botnets work, a history of botnets, and which botnets have been most active recently.

Last week, I was in San Francisco attending Deutsche Bank’s 2010 Technology Conference (September 14-16).  The following post is a high-level summary of my key takeaways, intended to inform you of key industry themes and changes within a brief reading (rather than a lengthy detailed vendor-by-vendor report). 

Microsoft has released a tool designed to close a security hole in Windows applications that could allow for unauthorized access to PCs. The security flaw is created not by a vulnerability in Microsoft code, but in the way some Windows programs are developed, says the company. And while Microsoft is not taking responsibility for the problem, it nonetheless has rolled out the tool and a set of development best practices.

According to a Microsoft Security Advisory, research has been published that details "a remote attack vector for a class of vulnerabilities that affects how applications load external libraries." The attack, called binary planting or DLL preloading, is caused by the way Windows programs are written, allowing hackers to remotely execute code when a user opens a file from a location that isn't trusted, says the advisory.