Microsoft plans to release three security bulletins on Tuesday, May 9, to cover several code execution flaws in Windows and the enterprise-facing Microsoft Exchange messaging and collaboration product.
The patches will carry a “critical” rating and will require a restart after installation, Microsoft said in its advance notification.
Microsoft typically applies a “critical” rating to high-priority vulnerabilities that can be exploited to allow the propagation of an Internet worm without any user action.
Two of the three bulletins will provide fixes for flaws in the Windows operating system, and it is very likely that a cumulative Internet Explorer fix could be included.
Several major flaws in IE are on the waiting-for-fixes list.
Based on 85 advisories published by Secunia between 2003 and 2005, about 25 percent of IE bugs remain unpatched.
More than 40 percent of those advisories are serious enough to be used in system compromise attacks.
For example, according to eEye Digital Securitys upcoming advisories page, a Windows denial-of-service bug reported to Microsoft more than five months ago has not yet been fixed.
The third bulletin will apply to Microsoft Exchange, which is part of the software giants Windows Server System line of products. It is widely used in large enterprises to manage e-mail systems, shared calendars and tasks.