Microsoft plans a critical patch on Tuesday

Microsoft Corp. is planning two software security fixes -- at least one of them rated as critical -- as part of December's release of security updates.

Both patches are for the Windows OS, according to information on Microsoft's Web site. A critical rating for a bug means that a worm could take advantage of it without the user taking any action.

The patches for the bugs, called "updates" by Microsoft, will come as part of the company's regular monthly patch release cycle. Microsoft releases most software patches on the second Tuesday of each month, a date that has come to be known as "Patch Tuesday" by security professionals.

Microsoft also will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the company's Download Center Web site. The tool will not be distributed using Software Update Services, however.

Additionally, the company will release two non-security, high-priority patches on Windows Update and Software Update Services, and three non-security high-priority patches on Microsoft Update and Windows Server Update Services.

In November, Microsoft released one software patch that addressed three critical security vulnerabilities in the way that Windows processes Windows Metafile, a graphics format used by some CAD (computer-aided design) applications.

Microsoft's statement on next Tuesday's update can be found here: http://www.microsoft.com/technet/security/bulletin/advance.mspx