Microsoft plans to issue two security patches next Tuesday, one of which earns the dreaded rating of critical, in this year's first edition of its regular Patch Tuesday update cycle.
The critical update covers a flaw that allows the remote execution of malicious software on vulnerable clients, including Windows Vista systems. The patch is also a critical update for Windows XP. The second update, rated as "important", covers an unspecified privilege elevation flaw.
Both patches will require a reboot, as explained in Microsoft's advance bulletin here.
More details will follow once Microsoft publishes its patches on 8 January. Microsoft also plans to issue five high priority, non-security updates on Microsoft Update and two high priority, non-security updates on Windows Update as well as an update to its malicious software removal tool on Tuesday.
In related news, Microsoft launched a new Security Vulnerability Research and Defense blog late last week. Redmond has run other security-related blogs in the past (such as its Security Response and Anti-Malware Team blog), but the new addition promises to offer more in-depth technical information about vulnerabilities and suggestions about possible workarounds.
Microsoft has taken the unusual step of disabling comments on the blog, something allowed on other Redmond-run sites. Interested parties are invited to submit feedback by email instead. ®