Microsoft tackles remote code execution in next Patch Tuesday

Microsoft has released an advanced notification of what's to come in next week's Patch Tuesday, but it remains to be seen whether it will address the zero-day vulnerability missed last month.

IT administrators may want to put a few extra staff on next week, since the majority of bulletins in Microsoft's upcoming Patch Tuesday will cover flaws that could allow hackers to take control of machines.

The advance notification bulletin, released by Microsoft today, details nine points, three of which are rated critical, and the remainder important. The three critical bulletins address vulnerabilities that could potentially enable hackers to remotely execute code and affect most versions of Windows. One of the critical bulletins also affects Internet Explorer, which was one of the focuses of last month's Patch Tuesday.

Other Microsoft products that will also be affected by the bulletins marked important are Office, InfoPath, SharePoint Server and Services, Groove Server and Visual Basic for Applications.

Microsoft has not yet released further details about any vulnerabilities that are expected to be fixed next Tuesday, or whether they are being exploited in the wild, but the company usually reveals these details on the day that the patches are released. The company will set up a webcast to discuss any issues on the Wednesday after.

Last month's Patch Tuesday missed a zero-day vulnerability in Microsoft's XML Core services that Google helped point out, resulting in Microsoft issuing a stop-gap FixIt tool. Today's bulletin doesn't contain enough information to tell whether this will be patched, however, so concerned administrators will have to wait until Tuesday to find out.