This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two critical zero-day flaws relating to Internet Explorer that were recently discovered and have been used to attack several high-profile targets.
Internet Explorer 6, 7, 8, 9 and 10 are the recipients of a patch that can prevent an exploit that enables remote code execution in the browser. This affects all Windows operating systems except XP.
The vulnerability (CVE-2013-1347) had previously been addressed with a workaround yesterday, but given the way it was being exploited, with attacks reported on the US Department of Labor and on European aerospace and nuclear researchers, the patch has been prioritised.
A second bulletin deals with another IE vulnerability believed to be one disclosed in March at the annual Pwn2Own hacking competition. At least four of the patches require a restart, Microsoft said.
The remaining eight patches will address flaws that range from denial-of-service errors that can cause Windows to crash, to remote code execution issues in Microsoft Office and Lync.
An elevation-of-privilege flaw that would allow an attacker to gain additional rights on the affected system, and information disclosure issues relating to Windows Essentials 2011 and 2012, will also be addressed.
The security fixes will be released on May 14 through the usual update channels, such as Windows and Microsoft Update.