Microsoft has outlined nine of the security bulletins it expects to release for its patch release on Tuesday.

Six of the bulletins address vulnerabilities that have a maximum severity rating of 'critical', Microsoft's highest alert level. The remaining three patches all carry a maximum rating of 'important'.

The potential impact of a vulnerability will commonly vary for different software versions, so Microsoft categorises each bulletin by its maximum risk level.

Five of the nine bulletins concern vulnerabilities found in software for Windows Vista. Of those, two are listed as 'critical' and three as 'important'.

The two critical vulnerabilities affecting Vista lie within the XML Core Services component and Internet Explorer 7. If exploited, both vulnerabilities could allow an attacker to remotely take control of a target system.

The three 'important' fixes address flaws in Internet Explorer 7, Media Player 11, and one bulletin for a flaw in Vista itself.

Other bulletins address critical vulnerabilities in Internet Explorer 6, Office 2000, and both Windows XP and 2000.

Also included in the update is a fix for a critical vulnerability in the OS X version of Office 2004. The same vulnerability is listed as critical for Windows XP and 2000, as well as Visual Basic 6.0.

Microsoft's Virtual PC virtualisation offering will also receive one patch, rated 'important'.

Additional bulletins may be added by Microsoft before the official monthly patch is released on Tuesday, 14 August.