Microsoft plans to issue two security patches next Tuesday, one of which earns the dreaded rating of critical, in this year's first edition of its regular Patch Tuesday update cycle.

The critical update covers a flaw that allows the remote execution of malicious software on vulnerable clients, including Windows Vista systems. The patch is also a critical update for Windows XP. The second update, rated as "important", covers an unspecified privilege elevation flaw.

Both patches will require a reboot, as explained in Microsoft's advance bulletin here (http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx).

More details will follow once Microsoft publishes its patches on 8 January. Microsoft also plans to issue five high priority, non-security updates on Microsoft Update and two high priority, non-security updates on Windows Update as well as an update to its malicious software removal tool on Tuesday.

In related news, Microsoft launched a new Security Vulnerability Research and Defense blog (http://blogs.technet.com/swi) late last week. Redmond has run other security-related blogs in the past (such as its Security Response and Anti-Malware Team blog), but the new addition promises to offer more in-depth technical information about vulnerabilities and suggestions about possible workarounds.

Microsoft has taken the unusual step of disabling comments on the blog, something allowed on other Redmond-run sites. Interested parties are invited to submit feedback by email instead. ®

Related stories

MS keeps admins busy with critical Vista patches (4 April 2008)
http://www.channelregister.co.uk/2008/04/04/ms_qt_opera_patch_summary/
Microsoft releases latest XP SP3 build (20 February 2008)
http://www.channelregister.co.uk/2008/02/20/xp_sp3_release_candidate_2/
Microsoft dishes out six critical updates (13 February 2008)
http://www.channelregister.co.uk/2008/02/13/patch_tuesday_february/
SMBs grasp Vista nettle (15 January 2008)
http://www.channelregister.co.uk/2008/01/15/microsoft_windows_vista_smbs/
Microsoft plugs 'critical' hole in Vista (8 January 2008)
http://www.theregister.co.uk/2008/01/08/microsoft_january_patch_release/
Three critical fixes star in Patch Tuesday update (12 December 2007)
http://www.channelregister.co.uk/2007/12/12/dec_black_tuesday_update/
Microsoft readies seven patches for Tuesday (6 December 2007)
http://www.channelregister.co.uk/2007/12/06/microsoft_announces_7_patches_for_december/
Windows update offers defence against shell bug (14 November 2007)
http://www.channelregister.co.uk/2007/11/14/windows_novemeber_patch_update/
Fight malware by upgrading to Vista, urges MS (23 October 2007)
http://www.channelregister.co.uk/2007/10/23/rsa_vista_security_pitch/
Oracle readies mega-update patching 51 security holes (13 October 2007)
http://www.channelregister.co.uk/2007/10/13/oracle_readies_security_updates/
Exploit Wednesday follows Patch Tuesday Word update (11 October 2007)
http://www.channelregister.co.uk/2007/10/11/exploit_wednesday/
MS tweaks Vista with minor updates (30 August 2007)
http://www.channelregister.co.uk/2007/08/30/vista_fixes/