Microsoft went “out of cycle” for the WMF patch that they released last week, but they had other patches that they had scheduled for release this month.
Under the regular patch cycle, Microsoft releases security bulletins and patches for them midday on the second Tuesday of the month. On the Thursday before (actually, 3 business days before) they release a limited advance notice about the patches, and that notice is always at this address: https://www.microsoft.com/technet/security/bulletin/advance.mspx
According to the current advance notice plan, on Tuesday, Microsoft will release two “Critical” security updates, one for Windows and one “affecting Microsoft Exchange and Microsoft Office.” Both updates may require a reboot of the computer. The patches will be available as explicit downloads for each platform they affect and through Windows Update and Microsoft Update.
In addition, it appears that Microsoft will release a number of non-security updates which are, nevertheless, labeled “High-Priority”.
Unless you were off visiting the moon you should know about last week’s major security story, a vulnerability in Windows’s handling of WMF (Windows MetaFile) files.
On Thursday, Microsoft released a patch for the vulnerability 5 days ahead of schedule. All indications are that the patch works well, but Microsoft only released a patch for Windows 2000, Windows XP, and Windows Server 2003. Virtually all earlier versions of Windows remain vulnerable to one degree or another. See the Microsoft Security Advisory for links to specific patches or use Windows Update.
Microsoft states that earlier versions of Windows, including Windows ME and Windows 98, are not critically affected by this vulnerability because there is no attack vector that is easily available, as there is with Windows XP. They might have said the same thing for Windows 2000, which also lacks a default component that could allow exploitation, but Windows 2000’s place as a current, mainstream product likely made it more important to Microsoft.
While there are strong mitigating factors and effective workarounds for this vulnerability, we (and Microsoft) strongly recommend installing the patch as soon as possible.
A WMF (Windows MetaFile) is a 16-bit graphics file format with both bitmap and vector information. It has been superseded by the 32-bit EMF (Enhanced Metafile) format for many years, but was very popular for clip art in its day.
Microsoft Update is a web service offered by Microsoft as an enhanced version of Windows Update. It offers updates for Windows and for other Microsoft products, including Microsoft Office.