Out of the nine bulletins, three will address critical RCE bugs in its products.
Out of the nine bulletins, three will address critical RCE bugs in its products.

Microsoft has scheduled nine bulletins, including three critical fixes, for its Patch Tuesday release next week. With the security update, the tech giant will plug vulnerabilities in Windows, Internet Explorer, .NET Framework, Office and Developer Tools (ASP.NET).

On Thursday, Microsoft published a security bulletin advance notification, revealing that remote code execution (RCE) bugs in Internet Explorer should receive top priority this month. The two remaining critical patches for October, Bulletins 2 and 3, resolve RCE vulnerabilities in .NET Framework and Windows.

Next Tuesday, users can also expect a patch (Bulletin 4) for an elevation of privilege issue in Office deemed “moderate,”  and five fixes flagged as “important” to remediate RCE bugs in Windows and Office, elevation of privilege concerns in Windows, and a security feature bypass issue affecting Microsoft Developer Tools.

In Thursday emailed commentary to SCMagazine.com, Chris Goettl, product manager at Shavlik, said there was a “strong likelihood” that Bulletin 1 would patch “a number of vulnerabilities in the double digits,” affecting IE.

“Since June we have seen a trend of double-digit vulnerabilities regarding memory corruption issues in IE,” Goettl wrote. “Expect this to be a high priority to be rolled out as soon as possible,” he advised.

Microsoft notes that its “critical” patches attend to vulnerabilities “whose exploitation could allow code execution without user interaction.” Attackers often spread malicious code through self-propagating malware, like worms, or when users carry out commonplace online activities like web browsing or opening emails, the tech giant said.