Eight of the fixes address vulnerabilities in Windows, five of which have been assigned a "critical" rating by the software giant. Three others are deemed "important."
The ninth bulletin, graded critical, addresses a zero-day ActiveX bug affecting Office, Visual Studio, ISA Server and BizTalk Server. The vulnerability, which has been leveraged to conduct in-the-wild attacks, resides in the Spreadsheet ActiveX control in Office Web Components, according to an advisory from July.
As users await the fix, Microsoft has been recommending they set a kill bit to prevent Office Web Components from running in Internet Explorer.
The patches are expected to be dropped about 1 p.m. EST on Tuesday.