Microsoft plans 22 patches for Windows, Office next week

07.07.2011

In April, Microsoft patched with a single bulletin, a record for one update.

Storms said that the multi-bug update coming next Tuesday may fix numerous "elevation of privilege" vulnerabilities or a large number of "DLL load hijacking" flaws.

The former describes a bug attackers can use to gain complete administrative control of a system that they can already access, perhaps through an exploit of a separate vulnerability. DLL load hijacking, on the other hand, is the term used for attacks that rely on tricking applications or operating systems into loading a malicious file with the same name as a legitimate DLL, or dynamic link library.

Microsoft has issued more than a dozen DLL load hijacking updates since last November. In May, the Slovenian firm Acros Security announced that were necessary to plug holes in Windows 7 and Internet Explorer 9 (IE9). At the time, Microsoft said only that it was investigating the Acros report.

The sole critical update scheduled for next week affects Windows Vista and Windows 7, but does not impact the much older Windows XP or any of Microsoft's server operating systems.