Microsoft will issue nine security bulletins on Tuesday, including three critical updates and six characterized as important. Vulnerabilities in two of the critical bulletins could be exploited to allow an attacker to take control of a system running most Windows operating systems without user interaction, and thus are the most urgent priority for patching. Microsoft will provide details in its regular “Patch Tuesday” announcement.
A third critical bulletin similarly does not require user interaction but affects only Internet Explorer 9 users and does not impact previous versions of the browser, so enterprises should pay attention if they are using the latest IE version. All three critical bulletins allow remote code execution by an attacker.
The six other bulletins are rated as important, the next most severe category. Two involve remote code execution, three escalation of privilege and one information disclosure. Three bulletins are exploitable through flaws in Windows OSes, and three in Microsoft Office.
Microsoft has not yet issued a patch for CVE-2012-188, a zero-day flaw that is being exploited in the wild. An exploit, for example, has been included in the notorious Blackhole exploit kit.