Microsoft has announced that seven patches will be released on Tuesday 12 March.
The bulletins, as Microsoft calls them, comprise four "critical" and three "important" updates. The critical updates address vulnerabilities in Microsoft Silverlight, Internet Explorer, Office and Microsoft Server software. The important bulletins correct issues in Windows and Office.
Java is a mess, says security expert Microsoft patch for zero-day exploit cracked Microsoft addresses critical vulnerability in latest security update
The vulnerabilities in Internet Explorer allow malicious software to be downloaded from infected websites without the knowledge of the user in so-called drive-by attacks. Versions from IE6 to IE10 on all platforms are thought to be at risk.
Drive-by vulnerabilities in Silverlight media software are also being addressed. Again, all versions are thought to be affected whether deployed on Windows or Mac OS X operating systems. This will be the first patch for Silverlight in more than a year.
Microsoft's drawing application Visio and the Microsoft Office Filter Pack also require a critical patch, while the fourth critical bulletin concerns the collaboration tool SharePoint Server.
The remaining updates are all rated "important" and could allow an attacker to alter the privilges on a compromised machine in order to launch further attacks or to allow remote execution of code.
Experts advise that such patches be installed as quickly as possible because, like many threats, drive-by attacks rely heavily on the "patch gap" - the window of opportunity between knowledge of the vulnerability and its repair.
In what promises to be a busy week for systems administrators, Qualsys chief technical officer Wolfgang Kandek told Threatpost that he would prioritise the first bulletin because it fixes a bug that could be exploited to perform a complete machine takeover in all versions of IE.
Microsoft has not described the patches in detail, in order not to give hackers any help in exploiting the vulnerabilities before updates are applied, but it is likely that at least some will be connected to the zero-day flaws found recently in Java.
