Microsoft is planning to release six security bulletins next Tuesday as part of the company's monthly security patch cycle. 

Each bulletin covers one or more software vulnerabilities. Five affect the Windows operating system. The maximum severity rating for these bulletins is 'critical'.

The software giant also plans to issue one bulletin covering Microsoft XML Core Service that is rated 'critical'. This is likely to cover a flaw that surfaced earlier this week in the XMLHTTP 4.0 ActiveX Control component of the technology. 

Security researchers have detected a limited number of attacks targeting the vulnerability in the wild. The bug could allow an attacker to take control of a system by luring users to a specially crafted website.

Both the XML Core Service and Windows patches require a system restart.

In addition to the security bulletins, Microsoft also is preparing to issue two high-priority non-security updates.

Microsoft issues security updates on a monthly cycle on the second Tuesday of each month. The company provides early notification on the Thursday before the release to allow systems administrators to prepare for the event.

• Windows hit by 'extremely critical' zero-day flaw
• Consumer Vista to launch on 30 January