Microsoft plans to release 11 patches, including four rated as critical for Internet Explorer, Active Directory, Excel and Host Integration Server.
In the Microsoft advance patch notice for October, issued Thursday,
Details were sparse, as is customary in Microsoft's advance notices, but the company said the critical updates will fix vulnerabilities that could lead to remote code execution by an attacker.
In September, Microsoft released critical updates addressing multiple client-side remote code execution flaws in its Graphics Device Interface (GDI+) that could affect multiple systems and third-party applications. Last month, Microsoft also plugged a remote code execution vulnerability in an ActiveX control in Windows Media Encoder 9.
Microsoft also said it would begin sharing vulnerability information with security vendors this month. The goal is to help the vendors develop signatures and filters prior to the release of patches on the second Tuesday of each month.
Known as the Microsoft Active Protections Program (MAPP), the new plan will be open to security companies that provide defensive technology to large customer bases. Those vendors that could gain access typically sell antivirus, intrusion detection system (IDS) and intrusion prevention system (IPS) software and appliances. Security vendors have been calling for early notification. Microsoft officials also said they've gotten to the point where they could use some help from the rest of the security community.