"The main reason why I think this is the Duqu zero-day patch is that [Bulletin 1] requires a restart, which indicates it's a kernel-level bug that is being patched, and it affects all the same operating systems as in the [November] advisory," said Carey in an email.
Storms also expects that Microsoft will patch the TrueType parsing engine vulnerability identified by Microsoft as the bug Duqu leveraged in its attacks, which began months ago and stopped only in October.
"They'd be silly not to patch Duqu before the end of the year," said Storms. "They had enough time."
Last month, Microsoft said it was working on a Duqu bug patch, but acknowledged it wouldn't be able to deliver a fix in November.
Storms will also look for an update that addresses long-standing issues in SSL 3.0 and TSL 1.0 within Windows. Microsoft released a security advisory in September on the bug after a pair of researchers crafted BEAST, the first-ever practical exploit of the years-old flaw.
The 14 updates slated for next week are three off the record of 17 set in December 2010 and repeated in April 2011.
The total bulletin count for the year -- 100, or 5.6% fewer -- was also down from 2010, and the total number of vulnerabilities patched in those updates was 237, or 10.7% less than last year's record 266.
Mike Reavey, the director of the Microsoft Security Response Center (MSRC), will discuss the year's bulletins next week during the company's usual Patch Tuesday video announcement, but Storms expects Reavey won't focus on the numbers.
"I think they'll talk about how the severity of vulnerabilities has decreased," said Storms. "There do seem to have been fewer criticals than in the year prior."
Storms also pointed out that Microsoft has gone the entire year without issuing an emergency, or "out-of-cycle" update, while it shipped several in 2010.
Microsoft will release the 14 updates at approximately 1 p.m. ET on Dec. 13.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Topic Center.