Microsoft's Advance Notification Bulletin reported that the company will issue five security patches -- the four for Windows and one for a critical bug in the Microsoft Content Management Server, which is a tool built on .Net technology to manage Web content.
The patches will come one month after Microsoft tossed out its regular schedule and skipped its monthly security update for March. But the patches also will come out one week after the company was forced to go off-cycle and issue an emergency patch for the .ANI vulnerability. That patch fixes the way Windows handles malformed animated cursor files. Microsoft had planned on releasing the patch on schedule next week, but pushed it out early because of the wave of exploits that have been showing up.
In this week's emergency patch, Microsoft fixed six bugs.
It's not yet clear how many vulnerabilities will be fixed in the upcoming monthly Patch Tuesday release. While Microsoft announced four patches for Windows, for example, more than one bug could be fixed in each of those patches.
One oddity is Microsoft isn't releasing any patches for Microsoft Office. eEye Digital Security, a security company that tracks vulnerabilities, lists three defects in Office that have been disclosed but remain flawed.
"Some of the Office bugs have not been as high a priority and with the .ANI vulnerability, Microsoft has really had their hands full," said Jayson Jean, director of the iDefense vulnerability team at VeriSign. "They did well by releasing this week's patch out of cycle. The problem was escalating quickly so there was a fair amount of pressure driving them."
While not a patch, Microsoft did announce that it will be releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Tuesday. The tool helps remove malicious code from computers.