A total of 13 bulletins have been pre-announced. Eight are rated critical, and the remaining five are important. Twelve of the bulletins affect Windows itself, and all currently supported versions of Windows (including Server Core installations of Server 2008) are affected by multiple bulletins.
The planned updates include fixes for the SMB vulnerability in Vista and Windows Server 2008, and the FTP vulnerabilities in Internet Information Services (IIS) versions 5.0, 5.1, 6.0 and 7.0.
Although the latter was revealed early in September, Microsoft did not have a fix in time for that month's Patch Tuesday. At the time, Jerry Bryant of the Microsoft Security Response Center said "we are not addressing the IIS/FTP vulnerability announced in Security Advisory 975191 with this month’s security bulletin release. Our teams are still working on an update for this issue and we encourage customers to review the advisory for the most current guidance on this issue."
In addition to Windows, the October list of affected software includes Office, Silverlight, SQL Server, Forefront, and Developer Tools.
As customary, Microsoft will also release a new version of the Malicious Software Removal Tool.