expects to distribute nine patches on Tuesday as part of its monthly security update, one of which should resolve a recently announced flaw that was being actively exploited.
Eight of the fixes address vulnerabilities in Windows, five of which have been assigned a "critical" rating by the software giant. Three others are deemed "important."
The ninth bulletin, graded critical, addresses a zero-day ActiveX
bug affecting Office, Visual Studio, ISA Server and BizTalk Server. The vulnerability, which has been leveraged to conduct in-the-wild attacks
, resides in the Spreadsheet ActiveX control in Office Web Components, according to an advisory
As users await the fix, Microsoft has been recommending they set a kill bit to prevent Office Web Components from running in Internet Explorer.
The patches are expected to be dropped about 1 p.m. EST on Tuesday.