In its monthly Security Bulletin Advance Notification, Microsoft announces how many security updates or bulletins will be released the next week, but does not go so far as to say how many vulnerabilities will be patched.
The advisory did note that six of the bulletins will contain fixes for critical bugs and three of them will patch flaws that are given a security risk rating of 'important' and under.
Six of the bulletins affect Microsoft Windows. Five of them have a maximum security rating of critical, meaning that at least one of the flaws being fixed is rated as "critical", and one has a maximum rating of important. One bulletin, which has a maximum rating of important, affects Microsoft's new and highly touted Windows Vista. That vulnerability could allow remote code execution, according to the advance notification.
One of the bulletins affects Visual Basic, and two affect Internet Explorer. The IE bugs both cause remote code execution. One bulletin, which has a critical security rating, affects Microsoft Office and also enables remote code execution. Other bulletins affect XML Core Services, Office for Mac, Virtual PC and Virtual Server.
In Microsoft's monthly Patch Tuesday release last month, the software company issued six security bulletins, patching 11 vulnerabilities.
Security researchers warned IT managers to patch all of the bugs that were fixed in the July release, but to turn their immediate attention to two vulnerabilities in Active Directory implementations in Windows 2000 Server and Windows 2003 Server. Amol Sarwate, manager of the vulnerability research lab at Qualys, called this the most important of the 11 bugs that Microsoft patched last month.