Microsoft has revealed it will offer 10 updates when it releases its monthly security update next week.
"We're back to a normal load," said Andrew Storms, director of security operations at nCircle Network Security.
"Some may think of it as pretty big, but really, for anyone who's dealt with Patch Tuesday for the last five years, it's what we should be expecting."
Last month, Microsoft issued just one security update, a 14-patch fix for PowerPoint.
Of the 10 updates, six will affect Windows, and one each will patch problems in Internet Explorer (IE), Word, Excel and Microsoft Office. Six of the 10 were marked 'critical', Microsoft's highest threat ranking, while three were judged 'moderate' and one as 'important'.
"The red flag is going to be [the] IE [update]," said Storms. "It's critical, it's on all versions [of Windows], and it's even critical in Vista for IE7 and IE8."
IE8 is Microsoft's most security-conscious browser yet. Next week's update will provide the first-ever production patches for IE8.
Storms also pointed out that it looks like Microsoft won't protect Mac users this month.
"We don't have the PowerPoint for the Mac patches," he said after reviewing the advance notice. Last month, Microsoft took the unusual step of patching the Windows versions of PowerPoint, but not the Mac editions, saying that it didn't want to postpone the update to await Mac fixes.
Attackers had been exploiting the PowerPoint bug in Windows since at least early April. "[But] none of the exploit samples we have analysed will reliably exploit the Mac version, so we didn't want to hold the Windows security update while we wait for Mac packages," Jonathan Ness, an engineer at the Microsoft Security Response Center, explained.
However, Swa Frantzen, an analyst at SANS Institute's Internet Storm Center (ISC), said Microsoft was breaking its own rules about "responsible disclosure" by letting the Mac patches slide.
"We all know from past experience [that] the reverse engineering of patches back into exploits starts at the time - if not before - the patches are released," said Frantzen. "So in the end, Microsoft just released what hackers need to attack."
Other recently acknowledged bugs may or may not get fixed next week, said Storms. He was pessimistic about Microsoft patching a problem in DirectX that the company confirmed only last week; the bug is actively being exploited by hackers, according to Microsoft.
"It's going to be an all-eyes forward on the IE update. That's the red flag for June," added Storms.