Microsoft is planning two software security fixes – at least one of them rated as critical – as part of December's release of security updates.

Both patches are for the Windows OS (operating system), according to information on Microsoft's website. A critical rating for a bug means that a worm could take advantage of it without the user taking any action.

The patches for the bugs, referred to as "updates" by Microsoft, will come as part of the company's regular monthly patch release cycle. Microsoft releases most software patches on the second Tuesday of each month, a date that has come to be known as 'Patch Tuesday' by security professionals.

The firm will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the company's Download Center website. The tool will not be distributed using Software Update Services, however.

Additionally, the company will release two non-security, high-priority patches on Windows Update and Software Update Services, and three non-security, high-priority patches on Microsoft Update and Windows Server Update Services.

In November, Microsoft released one software patch that addressed three critical security vulnerabilities in the way that Windows processes Windows Metafile, a graphics format used by some CAD (computer-aided design) applications.

Microsoft's statement on next Tuesday's update can be found here.