Two security bulletins will be released on Tuesday, one for Microsoft Windows and one for Microsoft Office, fixing eight issues in total which are all rated ‘important’ by the software giant.

The affected operating systems include Windows XP, Vista and Windows 7 whilst various versions of Office, for both Windows and Mac, are also affected.

“We recommend that customers review the Advance Notification web page and prepare to deploy these bulletins as soon as possible,” said Jerry Bryant, senior security communications manager at Microsoft, in a blog post.

“To provide additional guidance for deployment prioritisation, customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network-based attack vectors.”

Bryant also reiterated that Microsoft will be cutting support for various versions of Windows XP, 2000 and Vista.

Windows XP SP2 will no longer be supported from July 13 2010, with those customers encouraged to upgrade to SP3 or Windows 7. Windows Vista RTM will not be supported after 13 July 2010, with support for Vista SP1 ending one year after that. SP2 will still be supported. Extended support for Windows 2000 will also be retired as of July 13, 2010, when the company will cease all updates for Windows 2000.

“A couple of months ago, I started including information about products that are reaching the end of their product lifecycle,” he added. “It is extremely important for customers to move to supported platforms because after the dates below, those products/service packs, will no longer receive security updates.”

Microsoft, who typically release security updates in bulk on the second Tuesday of the month, will issue four updates for Microsoft Windows 2000, XP, Vista and Server editions 2003 and 2008 on November 10, three of which are considered to be “critical”.

All four of the updates for Windows will require a system restart once the download has completed.

Two updates are to be issued for Microsoft Office which will apply to both Windows and Apple Mac versions.

“Customers should plan a restart for the Windows bulletins,” said Jerry Bryant, security program manager for Microsoft Security Response Center in his blog.

“The Office bulletins may not require a restart if the components being updated are not in use.”

Last month, the software giant issued its biggest ever security update, aimed at fixing as many as 34 security vulnerabilities, mainly in Internet Explorer 8 and its latest operating system, Windows 7. Security flaws in Office, Silverlight and other tools were also affected.

The biggest update prior to that also came this year, with ten bulletins issued in June to fix 31 vulnerabilities.

Microsoft will host a webcast to address customer questions on these upcoming bulletins on November 11, 2009, at 11:00am Pacific Time (US & Canada). Computer users are also advised to run a virus scan their antivirus software prior to downloading the updates.

The latest update, which like other Microsoft updates is being released on the second Tuesday of the month, will include thirteen security bulletins to fix 34 known flaws, predominantly closing a loophole exposed with the running of Internet Explorer 8 browser in Windows 7.

In particular, Microsoft have stated that the update will fix two critical loopholes, these being Vulnerabilities in SMB Could Allow Remote Code Execution (975497) and Vulnerabilities in the FTP Service in Internet Information Services (975191).

Flaws in Microsoft Office, Silverlight, Forefront, Developer Tools, and SQL Server will also be fixed by the new update.

The biggest update issued previously by Microsoft’s was released in June 2009, with 10 bulletins designed to tackle 31 vulnerabilities.

Most users will get the updates automatically but download links are also available on Microsoft’s security pages. Once applied to a PC, the machine will need to be re-started before the fixes take effect.

Users are recommended to perform a virus scan with their antivirus software prior to downloading the updates, which will be issued at 10:00am PDT (UTC -8).

Microsoft, who usually release security updates in one monthly release, opted to draw attention to a specific flaw in Internet Explorer which could allow a hacker to secretly take remote control of a user’s PC, urging customers to update their systems as early as possible.

The flaw, which is exploited when a victim unwittingly visits an infected website, potentially allows hackers to remotely take control of victims’ machines.

It’s thought that cyber-criminals have been attacking the vulnerability, which is found in the video playback system in Internet Explorer, for nearly a week, with thousands of sites reportedly hacked to serve the malicious code and users being tempted into visiting by a spam email campaign.

It isn’t the first time that Microsoft has issued security warnings outside of their usual security release, issued on the second Tuesday in the month. Last October, the company issued a number of warnings over the Conficker worm amid fears over the virus’s capabilities. Ultimately, the virus was not as powerful as first thought, being used predominantly to fake antivirus software scams and push spam email campaigns.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s Web site, while the company works on a “patch” – or software fix – for the problem.

Users are advised to update their antivirus software and close the loophole manually. Details on how to do this are available at http://support.microsoft.com/kb/972890#FixItForMe

The worm, which has infected around 9m PC systems around the world, had heavily affected users of Microsoft’s XP and Vista software but users of the newly released Beta version of Windows 7 are now at risk from the virus.

The “Autoplay” function in Vista and early versions of Windows 7 automatically searches for programs on removable drives, such as a USB memory stick, when they are attached.

However, the virus hijacks this process, disguising the executable program file as a folder to be opened. When clicked, the worm installs itself in the registry of the PC.

It then attempts to contact one of a number of web servers, from which it could download another program that could take control of the infected computer. There are also reports that the worm disables the automatic updates features in Windows that would prevent further infection.

The virus, also known as Kido or Downadup, has already claimed a number of high-profile victims in the past weeks.

The Ministry of Defence has been battling an outbreak of the virus across its network whilst a network of hospitals across Sheffield, UK had more than 800 PC’s infected according to The Register.

Users are urged to download the KB958644 Security Update from Microsoft and update their antivirus software immediately to lower the risk of infection.

Users are being advised to download the latest Windows patch from Microsoft and update their antivirus software to ensure that they remain protected from the worm, also known as Downadup, or Kido. The malicious program first emerged in October 2008 but has spread exponentially in recent weeks, highlighting the need for Window’s users to download patch MS08-067.

According to Microsoft, the worm works by exploiting vulnerabilities in the Window’s system, allowing it to search for an executable file called “services.exe”. It then becomes part of that code.

The worm then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a randomly generated 5-8 character name and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates a HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

What makes this worm different is that where most forms of malware use one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down, Conficker uses a complex algorithm to generate hundreds of different domain names every day, making it extremely difficult to trace the source of the virus and close it down.