Another expert, Lumension security and forensic analyst Paul Henry, theorized that one of the IE updates might be related to recent vulnerabilities in Oracle's Java. Like other browsers, IE relies on an Oracle-provided plug-in to parse Java code.
"It's possible that this is related to the recent and ongoing Java issues," said Henry in an email Thursday. "Microsoft has a very close relationship with Oracle, so it wouldn't surprise me if these bulletins include Java patches."
Last week, Oracle accelerated the release of its regularly-scheduled security update -- initially slated to ship Feb. 19 -- citing "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers."
Oracle's early update came in the aftermath of several embarrassing "zero-day" vulnerabilities -- and the emergency patches necessary to quash those bugs -- as well as harsh criticism leveled by security professionals against Oracle for its handling of Java's problems.
Next week's fifth critical update affects Exchange Server 2007 and Exchange Server 2010, the second- and third-most-recent versions of Microsoft's email server software.
While details were absent -- Microsoft's advanced notification is always bare bones -- Storms said the simple fact that the update was judged critical and for Exchange should be enough to raise the antenna of IT pros. "They always concern me because Exchange is the critical business application," said Storms.
A patch failure or compatibility problem in an Exchange update could conceivably knock out a firm's email, with all the resulting chaos that creates among workers, and the conflict between them and IT.
Microsoft will release next week's 12 security updates on Feb. 12 at approximately 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at 
@gkeizer, on Google+ or subscribe to Gregg's RSS feed 
. His email address is gkeizer@computerworld.com.
See more by Gregg Keizer on Computerworld.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
