Microsoft today posted an advance notification of a pair of security bulletins to be released on Patch Tuesday next week, including a "Critical" one that affects Windows and an "Important" one that affects Office. Windows Server 2003, Server 2008, Office XP, Office 2003, Office 2007, Office 2004 for Mac, and Office 2008 for Mac are all affected by the bulletins, Microsoft said.
Compared to previous Patch Tuesday releases, this upcoming one is fairly thin, containing 17 bulletins in all. It was just last month that Microsoft set a record for its biggest Patch Tuesday ever, a release in which Microsoft fixed 64 flaws, besting the previous record of 49 vulnerabilities set in October 2010. Of the two mentioned in this month's advance notice, both are related to remote code execution and may require a restart.
In a related blog post, Microsoft also said it's making some changes to its Exploitability Index, which is a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release.
"As of this month, we are making some changes to the rating system to make vulnerability assessment more clear and digestible for customers. Specifically, we will be publishing two Exploitability Index ratings per vulnerability - one for the most recent platform, the other as an aggregate rating for all older versions of the software," Microsoft explains. "This change makes it easier for customers on recent platforms to determine their risk given the extra security mitigations and features built in to Microsoft’s newest products; under the previous system, vulnerabilities were given an aggregate rating across all product versions."