Single critical flaw awaits repair for November

Microsoft is preparing to release two security bulletins as part of the company's monthly patch release cycle on 13 November. The software maker typically releases more updates.

Microsoft uses the term security bulletin to bundle updates that affect a single application or system component. One bulletin can fix one or more vulnerabilities.

One of the bulletins is rated "critical" and affects Windows versions 2003 and XP. The rating is the most severe in Microsoft severity rating schedule and typically indicates that attackers could exploit the flaw to take over control of a system without any user interaction.

Microsoft describes the second vulnerability as a spoofing vulnerability that allows an attacker to for instance change the address bar in Internet Explorer to hide the fact that the user is visiting a phishing website. The vulnerability affects only Windows Server 2003 systems and is rated "important".

Microsoft issues its security updates on a weekly schedule on the second Tuesday of each month. The regular releases are intended to allow IT administrators to prepare for the release.