Microsoft is to release nine bulletins addressing a total of 21 vulnerabilities in its monthly Patch Tuesday security update on 14 February, according to the company’s advance notification.
Four bulletins are classified as "critical,” including an update for Internet Explorer. The remaining five are classified as "important".
The update to Internet Explorer should be the highest priority, according to Wolfgang Kandek, chief technology officer (CTO) of security firm Qualys.
“We saw last month how quickly attackers are incorporating browser-based attacks into their toolkits; an exploit for MS12-004 was detected a mere 15 days after Patch Tuesday,” Kandek said.
There are also two critical fixes for Windows itself, plus one for the .NET framework that should be prioritised, wrote Kandek in a blog post.
In the "important" category, there are three remote code execution vulnerabilities, one of them in Office.
“Most likely we are looking at file-based attacks and at least the Office vulnerability should be included in your first tier of patching,” said Kandek.