Microsoft is planning to release two out-of-band security patches on July 28, 2009.
Officials warned in an advanced security bulletin that the Internet Explorer vulnerability is critical for Windows XP (IE 6/7/8) and Windows Vista (IE 7/8). It's not yet clear whether Windows 7 is affected. The issue is marked as critical and as a Remote Code Execution.
Microsoft also plans to plug a moderate hole in Visual Studio. Microsoft Visual Studio .NET 2003, 2005 and 2008 are all affected and it's thought the Visual Studio patch will solve an issue that can affect certain types of applications.
According to Mike Reavey, Group Manager for the Microsoft Security Response Center (MSRC), "the Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."
Whilst Microsoft officials declined to comment on the specifics of the issues, both were privately and responsibly reported.
Both patches will be available at 10:00 AM Pacific Time next Tuesday, July 28, 2009. Windows Update will be the primary way for end users to receive the updates.