Microsoft to release seven security updates next week

Two of the seven are for at least one critical vulnerability. One of these affects an unusually broad collection of products.

Microsoft has released their advance prenotification for this month's Patch Tuesday updates. The company will release seven security bulletins and updates. Two of the updates will be for at least one critical vulnerability.

Bulletin one (which will likely be released as MS14-030) is a critical remote code execution Internet Explorer bug, affecting all versions of Internet Explorer, including IE11 in Windows 8.1. Like other such vulnerabilities, all server versions of Windows are affected, but at a lesser level of severity because IE runs, by default, in Enhanced Security Configuration. Server Core versions of Windows Server do not include IE and are not affected.

Bulletin two is unusual in that it affects a broad selection of both Windows and Office products. It is a remote code execution vulnerability and rated critical on all versions of Windows, Server Core included. It is also critical on Microsoft Live Meeting 2007 Console and all versions of Microsoft Lync, but not Lync Server. It is also rated Important for Office 2007 and Office 2010. Office 2013 appears not to be affected.

All the remaining vulnerabilities have a maximum rating of Important. Bulletin three affects only Office 2007 and Microsoft Office Compatibility Pack Service Pack 3.

Bulletins four and five describe information disclosure bugs in Windows and Lync Server respectively. Bulletin six is a denial of service bug in all Windows versions since Vista, and bulletin seven is a "tampering" bug, a type not often described. Windows 7, 8.x and Server 2012 are affected.