At the end of March, Microsoft released an out-of-band patch for a "serious flaw" affecting IE6 and IE7 because the vulnerability was said to be both critical and time sensitive. So what about the flaws that don't warrant an out-of-band patch?
CNet reports that Microsoft will next week release 11 security bulletins addressing a total of 25 vulnerabilities. Spread across Windows, Microsoft Office, and Exchange, five of the bulletins are addressing critical vulnerabilities, five are considered important, and the last is rated as moderate.
All five of the bulletins marked critical as well as three of the important bulletins affect vulnerabilities that allow for remote code execution. Exploit code for two of the vulnerabilities has already been released.
Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010 will all be affected by next Tuesday's patches.