Microsoft is set to issue 11 security updates next Tuesday.
The company said that some of the Office and Windows updates would be for critical flaws that could be exploited by attackers with no action on the part of users. Six of the patches will be for Windows, and four of them will be for Office. The 11th update will be for a flaw in Microsoft's .Net framework, which is considered less severe than the critical Windows and Office patches.
That day will also marks the end of the line for Windows XP Service Pack 1, which will no longer be supported by Microsoft as of that date. Microsoft has issued an advisory on this issue.
This has not met with the approval of all users however. Although most XP users have migrated to Service Pack 2, released two years ago, lately there has been an uptick of interest in Service Pack 2 migration issues on patch management discussion lists, said Susan Bradley, chief technology officer with accountants Tamiyasu, Smith, Horn and Braun. "There are still people out there using Service Pack 1," she said.
Those who haven't made the move may be running specialised applications that do not support Service Pack 2 but this kind of legacy software issue is usually less pronounced with client operating systems like Windows XP, said Chris Andrew, vice president of security technologies at PatchLink. "Now pretty much everybody is running Service Pack 2, so I don't think there's going to be a significant outcry," he predicted.
Hackers have been keeping Microsoft's Security Response Center busy this past month.
Microsoft generally issues its security patches on the second Tuesday of every month, but last week the company was forced to issue a rare, "out-of-cycle" security patch after criminals began exploiting a flaw in Internet Explorer's VML (Vector Markup Language) rendering engine.
And security experts have also warned of cyberattacks based on unpatched flaws in PowerPoint, Word 2000 and in an ActiveX control (called WebViewFolderIcon) used by the Windows' graphical user interface software.
The WebViewFolderIcon flaw will be patched Tuesday, Microsoft said. Attacks that take advantage of this flaw have been seen on the Internet, the SANS Internet Storm Center warnedearlier this week.
Additional reporting by IDG news service