Each bulletin covers an application component, and spans one or multiple security vulnerabilities.
Three of the bulletins affect Windows, at least one of which is rated 'critical'. Microsoft also plans to issue three bulletins for Office with at least one rated 'critical'.
A bulletin that affects Windows and the Visual Studio development suite, and one that affects Windows and Office, are both rated 'important'.
Microsoft did not disclose whether the update will include a patch for three vulnerabilities in Word that attackers have been actively exploiting since early December.
The company has previously pointed out that hackers are only using the flaw in highly targeted attacks that reach only a few users.
The advanced notification about the patch release is designed to allow users and enterprise IT staff to make the necessary preparations. The updates are slated for release around 10am Pacific Time on 9 January.
_(23).jpg&h=140&w=231&c=1&s=0)
_(28).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
iTnews Cloud Covered Breakfast Summit
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
