Microsoft expects to distribute nine patches on Tuesday as part of its monthly security update, one of which should resolve a recently announced flaw that was being actively exploited.

Eight of the fixes address vulnerabilities in Windows, five of which have been assigned a "critical" rating by the software giant. Three others are deemed "important."

The ninth bulletin, graded critical, addresses a zero-day ActiveX bug affecting Office, Visual Studio, ISA Server and BizTalk Server. The vulnerability, which has been leveraged to conduct in-the-wild attacks, resides in the Spreadsheet ActiveX control in Office Web Components, according to an advisory from July.

As users await the fix, Microsoft has been recommending they set a kill bit to prevent Office Web Components from running in Internet Explorer.

The patches are expected to be dropped about 1 p.m. EST on Tuesday.