Microsoft said it plans next week to release 16 security bulletins, including nine critical ones, addressing 34 vulnerabilities in Windows, Office, Internet Explorer and other products.
In its advance notification of its monthly patching cycle released Thursday, Microsoft said the other products affected are its .NET Framework, Silverlight, Visual Studios, SQL Server, and Forefront Threat Management Gateway. Seven of the bulletins to be released Tuesday are rated important. Last month, Microsoft released only two security bulletins, one to repair a critical server flaw.
Next week’s release will include a bulletin for Internet Explorer that addresses “cookiejacking,” which allows an attacker to steal cookies from a user’s computer and access websites the user logged into, Angela Gunn of Microsoft Trustworthy Computing wrote in a blog post.
“Given the prevalence of other types of social engineering methods in use by criminals, which provide access to much more than cookies, we believe this issue poses lower risk to customers,” she wrote. Also, Microsoft hasn’t detected attempts to use the technique, she added.
Also on Thursday, Adobe announced that it plans to release updates for its Reader and Acrobat products on Tuesday.
The updates, which Adobe categorizes as critical, affect Adobe Reader X (10.0.1) for Windows and Adobe Reader X (10.0.3) for Macintosh; Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh; Adobe Acrobat X (10.0.3) for Windows and Macintosh; and Adobe Acrobat 9.4.2 and earlier versions for Windows and Macintosh.