Microsoft has provided advance notice that three "critical" security bulletins will be released in this month's patch batch.

The bulletins will include patches for flaws in Microsoft Corp.'s flagship Windows operating system and the Microsoft Office desktop productivity suite.

As is customary, the software giant isn't providing any details until July 12, when the bulletins are posted.

The three updates represent a relatively small batch of patches, coming on the heels of last month's barrage when Microsoft shipped 10 bulletins, including a "critical" update for the Internet Explorer browser.

This time around, security researchers are expecting another cumulative IE patch to address a known code execution flaw in the widely deployed browser.

Over the last week, Microsoft has been providing pre-patch workarounds and mitigation guidance alongside warnings that potentially destructive exploit code has been posted on the Internet.

Microsoft typically includes IE patches under the Windows umbrella in its Security Bulletin Advance Notice mechanism. However, because IE patches require extensive testing, there have been long delays in the past to get a cumulative browser update out the door.

"When they're motivated to fix things quickly, they can," he added.

eEye maintains a list of unpatched security vulnerabilities and the time that has elapsed since the bug was first reported to the company. According to Maiffret, there are four Microsoft flaws that have not been addressed, including one that is 40 days overdue.

Microsoft is also expected to release an updated version of its malicious software removal tool to add detection for new worms, Trojans and virus variants.

The company will also push out a non-security, high-priority update for Microsoft Office.