Microsoft is preparing just two security bulletins as part of its monthly patch release cycle on 13 November.

Microsoft uses the term 'security bulletin' to bundle updates that affect a single application or system component. One bulletin can fix one or more vulnerabilities.

One of the bulletins is rated 'critical' and affects Windows Server 2003 and XP. The rating is the most severe in Microsoft severity rating schedule and typically indicates that attackers could exploit the flaw to take control of a system without user interaction.

Microsoft describes the second flaw as a spoofing vulnerability that could allow an attacker to change the address bar in Internet Explorer to hide the fact that the user is visiting a phishing website.

The vulnerability affects only Windows Server 2003 systems and is rated 'important'.
Microsoft issues its security updates on the second Tuesday of each month. The regular releases are intended to allow IT administrators time to prepare for the release.