Microsoft plans to release 13 bulletins in this month's Patch Tuesday security update on 9 August, according to the advance notification.
The updates, of which two are rated "critical", will include patches for end users, server administrators, office users and software developers.
Top priority should be given to a critical bulletin that affects Internet Explorer 6 to 9 on Windows 7, XP, Vista, 2003 and 2008, according to Wolfgang Kandek, chief technology officer at security firm Qualys. "If left unpatched, attackers could use this vulnerability to remotely take control of victims' systems," he said.
The second critical bulletin affects Windows server operating systems. "Server administrators should apply patches immediately as this vulnerability also leads to remote code execution," said Kandek.
Both critical patches will require system restarts.
The third remote code execution bulletin is rated "important" and affects only the newest Windows 7 and Windows 2008 operating systems and could be a little difficult to exploit, compared with the other two, he said.
The remaining remote code execution vulnerability, also rated important, is in Microsoft Office Visio.
"We have seen other Visio vulnerabilities fairly recently and recommend including the software in your regular patching cycle and/or have users not using that software remove it from their systems," said Kandek.