Microsoft has two updates planned for next tuesday: a critical update for the Core XML services (versions 3, 4, 5 and 6) and an important update for all currently supported versions of Windows.

The Core XML services are not installed by default on most versions of Windows, but are included in other software such as Microsoft Office. The vulnerability is rated as critical because it might lead to remote code execution; but from the information released so far it looks to be less critical than the emergency update released last month. The vulnerability will most likely not be exploitable without tricking a user into clicking a link or otherwise manually initiating some action, but we’ll have to wait for the final security bulletin that will be released next week to be sure.

In the meantime you might want to check out MS07-42; that bulletin covers another bug in the Core XML services and gives a good overview of what the implications are.