Microsoft warned users Thursday that they needed to set aside time on Tuesday, Feb. 14, to deploy seven security bulletins, the most the Redmond, Wash.-based developer has released since October 2005.
In the monthly pre-patch notification it sends out five days prior to unveiling fixes, Microsoft said that at least two of the seven will be rated "Critical," which by the company's definition means that the vulnerability can be remotely exploited.
One of the critical bulletins affects Windows Media Player, said Microsoft, which as is its practice, offered no details on the bug. According to Danish-based vulnerability tracker Secunia, there are no critical flaws in Media Player outstanding, which might mean that the vulnerability is not known to hackers and so is not yet being exploited.
Four of the seven bulletins involve Windows; at least one is gauged "Critical" by Microsoft.
eEye Digital Security, a Aliso Viejo, Calif.-based company well-known for spotting Microsoft flaws, currently has four open Windows issues listed on its research page. The oldest was reported to and acknowledged by Microsoft in early May 2005. Secunia, meanwhile, claims that 26 unpatched bugs exist in Windows XP alone.
It's possible, although unlikely, that one or both of the two bugs acknowledged by Microsoft Tuesday in security advisories will be among those fixed next week. The company usually takes considerable time to develop and test its patches.
Two other bulletins, both labeled "Important," impact Microsoft Office, the company's popular business application suite. One of the pair affects both Windows and Office, phrasing that often means server software is involved.
Microsoft will also issue one non-security, high-priority update to Windows, and will update the Windows Malicious Software Removal Tool to, at the least, account for the Kama Sutra/MyWife/Nyxem worm that caused a stir last week.
A follow-up Webcast to explain the fixes and answer customer questions is scheduled for Feb. 15.
What details Microsoft's willing to divulge can be found in the advance notice posted on the company's Web site.