"They typically patch IE every other month," said Storms of Microsoft's habitual browser bug fixing during even-numbered months. Four weeks ago, Microsoft patched 13 IE vulnerabilities with the MS12-037 update.
"I think it's fair to say that this will be of high importance," said Storms. "For them to go out of their normal cycle raises the bar."
Other security experts also tagged Bulletin 2 as one to watch next Tuesday when Microsoft issues July's updates.
"Bulletin 2 ... is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months," echoed Wolfgang Kandek, chief technology officer at Qualys, in an email today.
Both Storms and Kandek called out Bulletin 1, the critical update that will patch the MSXML vulnerability as the other fix likely to rise on most enterprise to-do lists. The update impacts every supported version of Windows, from Windows XP to Windows 7 on the client side, and from Server 2003 to Server 2008 R2 on the server end.
Bulletin 3, also labeled as critical, will impact only the client versions -- Windows XP, Vista and Windows 7 -- but could also make it onto lists next week.
"Bulletins 1 and 3 are critical bulletins that could result in full compromise [of] systems without user interaction ... so they should be attention-grabbers," said Marcus Carey, a security researcher with Rapid7, in a Thursday email.
Other bulletins will patch bugs in Office 2003 through Office 2010 on Windows, Office 2011 on the Mac, SharePoint Server 2007 and 2010, Office Web Apps 2010, and InfoPath 2007 and 2010.
InfoPath is an electronic form-creation and form-submission product.
"The update for SharePoint Server does raise some concerns, because if you were to take it down for patching or it fails afterward, there goes your enterprise collaboration system," said Storms. "It's as much a core component of many enterprises as Exchange."
Next week will also be the first time that Microsoft uses beefed-up encryption for Windows Update and a strengthened communications channel between its update servers and customers' PCs and servers, Kandek observed.
The changes were part of Microsoft's answer to the Flame espionage malware, and the discovery that Flame had found the "Holy Grail" of hacks by subverting Windows Update. Microsoft's response was to turn its certificate-generation process upside down and revamp how it secures Windows updates.
Although Microsoft initially said it would begin rolling out the Windows Update modifications before June's Patch Tuesday, it reconsidered and delayed the changes until users had a chance to obtain the months' 26 fixes.
Storms and other security experts had called on Microsoft to do just that, worried that if the Windows Update update failed or caused secondary problems, users would be vulnerable to attack because their PCs could not automatically download and install future patches.
Microsoft will release the nine updates at approximately 1 p.m. Eastern time on July 10.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send email to firstname.lastname@example.org or subscribe to Gregg's RSS feed.
Read more about security in Computerworld's Security Topic Center.