On October 10, Microsoft will issue 11 security bulletins as part of this month's Patch Tuesday. Six of the updates affect Windows, with the highest severity being "critical." Another four patches will cover Microsoft Office, also with critical severity, while a moderate fix is slated for the .NET Framework.
Among the fixes will likely be a patch for the WebViewFolderIcon ActiveX control, which is part of the Windows Shell. An exploit has surfaced for a vulnerability in the control that could result in an attacker gaining the same user rights as a local user. Unlike with the VML fix, Microsoft has waited to patch the WebViewFolderIcon flaw, saying it was unaware of any actual attacks taking place