Even though it can't match the record-breaking update in December, it looks like this month's patch Tuesday is still going to be a big one.
Microsoft has announced that it'll be releasing 12 updates next week that address a total of 22 different vulnerabilities - compared to 17 updates and 40 flaws in the update released just before Christmas. Of these, three are rated as critical and the remaining nine are classed as important. The updates will seal holes in Windows, Office, Visual Studio, IIS and Internet Explorer.
The announcement also highlights two specific vulnerabilities that were the subject of earlier Security Advisories, both of which will be fixed. The first deals with a flaw in the Windows Graphics Rendering Engine that could let an attacker run arbitrary code, while the second would allow attackers to execute code remotely by exploiting uninitialized memory during a CSS function in Internet Explorer. Both of these were zero-day attacks that were exploited in the wild, albeit in a fairly limited capacity.
Unfortunately, the MHTML exploit that was announced on Monday and affects all versions of Windows isn't in the patch list, meaning that a fix probably won't appear until next month. Although Microsoft has said that there haven't been any attacks using the exploit yet, it's possible that one could pop-up before the hole is plugged.
More details on all of the updates that'll be made available next Tuesday can be found on the Advance Notification bulletin on TechNet.
