Microsoft will issue six security updates for Windows, Internet Explorer, Outlook Express, Windows Mail and Visio.
Four of the six bulletins scheduled for Tuesday, June 12, will be ranked "critical" — Microsoft's highest threat rating — while one each will be labelled "important" and "moderate." Half of the batch affect Windows Vista, or one of its components, such as Internet Explorer 7 or the Windows Mail e-mail client; of the three Vista patches, two are pegged critical.
The advanced notification pinned Windows with three updates, Internet Explorer with one, Outlook Express and Windows Mail with one, and Visio 2002 and Visio 2003 with one.
This was the first early warning in the new, more detailed format Microsoft promised last month when it said customers asked for additional information to plan their patching schedules. Each of the six expected updates was recapped with short description, severity rating, description of potential impact, whether the Baseline Security Analyser will detect patch need, and the affected software.
Seven non-security updates classified "high priority" will also be unveiled Tuesday via Windows Update and Windows Server Update Services, Microsoft said.
The exact number of vulnerabilities patched by each update — many of Microsoft's bulletins plug multiple holes -- the nature of the vulnerability, and possible workarounds, however, remained missing. As before, users will have to wait until the bulletins are released for these details.
Even with the new information, it was impossible to predict all of Tuesday's results in advance. Microsoft's Visio 2002 and Visio 2003, for example, have no known unpatched vulnerabilities, so the bug was either found internally by Microsoft or reported privately to the company. Likewise with the Outlook Express/Windows Mail patch; Secunia lists no known bug capable of remote code execution.
The improved clues, however, pointed to at least one open Windows bug. eEye Digital Security reported a remote code vulnerability in Windows 2000, XP, and Server 2003 to Microsoft in late March; those characteristics match one of the six bulletins planned for next week.
Assuming Microsoft releases all six updates, users will have faced 35 bulletins in the first half of 2007, three more than the 32 in the first six months last year.