Microsoft today said it will issue 16 security updates next week to patch 34 vulnerabilities in Windows, Internet Explorer (IE), Office, SQL Server and other products.
"It's the usual mishmash for an even-numbered month," said Andrew Storms, director of security operations at nCircle Security. "But to some degree, we expected a big month. And they stayed true to form."
Microsoft typically releases a larger number of updates in even-numbered months, and fewer in odd-numbered months. In May, for instance, Microsoft shipped just two updates -- the company called them "bulletins" -- to patch only three vulnerabilities.
Of the 16 updates, nine will be rated "critical," the highest threat label in Microsoft's four-step scoring system, while the remaining seven will be marked "important," the second-most-dire ranking.
Next week's Patch Tuesday bulletin count will be the second-largest this year, following April's collection of 17 updates, but beating February's total of 12.
The number of bugs Microsoft plans to quash will also be the second-highest in 2011: Microsoft fixed a record 64 flaws in its software portfolio two months ago.
The company also regularly updates IE on even-numbered months, and will patch its browser next week in two separate bulletins, an unusual move. Both IE updates were labeled critical.
All versions of IE will receive one of the updates, including IE9, the newest edition, while the second IE bulletin will affect only IE8 and older versions.
Next Tuesday's IE9 update will be the browser's first since the browser debuted in mid-March, as well as the first pegged critical.
"So, basically it had a critical bug the day it shipped," said Storms.
Storms was referring to Microsoft's testing process, which usually lasts two months or more. That timeline would have precluded an IE9 patch in April, the first update scheduled after the browser shipped.
Beyond the two updates that affect IE, 10 target Windows, two will address bugs in Office -- the Excel spreadsheet and InfoPath, Office's form maker, will receive fixes -- one will patch the Forefront security client, and another will update the .Net and Silverlight platforms bundled with Windows.