After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.
The software giant plans to release 13 patches on Tuesday to address 26 vulnerabilities, according to an advance notification. Five of the fixes are rated 'critical', seven are graded 'important' and one is listed as 'moderate'.
Microsoft's latest operating systems, Vista and Windows 7, are each affected by only three of the five critical patches. However, one of the critical bulletins does affect all supported versions of Windows.
Multiple Office flaws are scheduled to be resolved with two patches rated important.
"We encourage customers to upgrade to the latest versions of both Windows and Office," Jerry Bryant, senior security communications manager at Microsoft, said in a blog post on Thursday.
"As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built in to these products."
One of the three publicly known Windows vulnerabilities is scheduled to be fixed, Bryant said. That one is a privilege-escalation flaw in the Windows kernel, disclosed last month, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list
Not on the docket next week for a fix is an Internet Explorer vulnerability announced this week and a bug in the Server Message Block (SMB) protocol, revealed in November.
The IE flaw "only affects versions of Windows older than Vista in their default configuration, and there is a 'Fix-It' available so customers in non-default configurations can protect themselves," Bryant said.
Meanwhile, the SMB issue can lead to a denial-of-service that results in a system crash, but not the injection of malicious code.
Administrators should start preparing for the update, said Don Leatham, senior director of solutions and strategy for Lumension, a vulnerability management firm.
"It will be imperative to plan ahead this month on how these patches should be deployed throughout their enterprises to minimise the possibility of widespread disruption," he said.
In other news from the advance notification document, Microsoft plans to drop support for Windows XP Service Pack 2 and Windows 2000 on 13 July.