Exchange, Windows Fixes on Tap

Microsoft will issue three patches as part of its monthly Patch Tuesday next week, of which at least two have been rated "critical," the company said. It is likely that these patches would fix various code execution flaws.

Two of the patches will be for Windows issues, and the third will be for a flaw in Microsoft's Exchange product. It is believed that one of the Windows fixes could be yet another cumulative security patch for Microsoft's Internet Explorer browser.

Since the company's last cumulative patch just last month, numerous new vulnerabilities have arisen. Both Secunia and eEye Digital Security list several flaws in IE severe enough to pose a system compromise risk.

Microsoft said that any of the three vulnerabilities may require a restart. The Exchange fix will also repair issues in sending e-mail messages from a mobile device, or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003 as described in a recent Knowledge Base article.

The company also plans to issue an update to the Microsoft Windows Malicious Software Removal Tool, as well as two non-security high-priority updates through Microsoft Update.

"As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update," Microsoft said in its advisory.