Microsoft next week plans to distribute 13 patches, including fixes for two zero-day vulnerabilities that can be remotely exploited.
Tuesday's security update is expected to include five "important" patches and eight deemed "critical," according to an advance notification released Thursday. Among the critical bulletins are fixes for still-outstanding vulnerabilities in the Server Message Block (SMB) network protocol and the FTP service in Internet Information Services.
Workarounds have been assigned to both issues. Microsoft officials have said the company is aware of active attacks targeting the FTP flaw, though it could not confirm anything in the wild regarding the SMB bug.
However, late last month, researchers developed publicly available exploit code for the SMB vulnerability that could enable an attacker to install malware on Windows Vista and Server 2008 machines. Some experts feared the flaw could give rise to a worm like Conficker.
In total, Tuesday's security update will address a whopping 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server, according to the advance notification.
