Each bulletin covers one or more software vulnerabilities. Five affect the Windows operating system. The maximum severity rating for these bulletins is 'critical'.
The software giant also plans to issue one bulletin covering Microsoft XML Core Service that is rated 'critical'. This is likely to cover a flaw that surfaced earlier this week in the XMLHTTP 4.0 ActiveX Control component of the technology.
Security researchers have detected a limited number of attacks targeting the vulnerability in the wild. The bug could allow an attacker to take control of a system by luring users to a specially crafted website.
Both the XML Core Service and Windows patches require a system restart.
In addition to the security bulletins, Microsoft also is preparing to issue two high-priority non-security updates.
Microsoft issues security updates on a monthly cycle on the second Tuesday of each month. The company provides early notification on the Thursday before the release to allow systems administrators to prepare for the event.
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
