Researchers have stated that Microsoft’s record setting security update that is going to be updated soon will patch numerous vulnerabilities in the Windows kernel. A record 64 vulnerabilities will be patched by the next security update that will feature 17 bulletins. Normally much information about the upcoming updates is not revealed in Microsoft’s advance notifications. Andrew Storms, directory of security operations at nCircle security states that nine critical bulletins should affect Windows and this surely indicates that at least one of them will have an impact on the kernel.

According to Storms, one or more kernel patches is a good possibility even if there is not enough to go on the advanced notifications. With the kernel, Microsoft has been having its own share of problems. Seven bulletins affect Windows XP, nine affect Vista and eight affect Windows 7, among the nine critical Windows bulletins that have been scheduled for next week. Though Microsoft has also fixed kernel flaws in all of 2010’s even numbered months, it patched the Windows kernel – the heart of the entire operating system on February 8th. Aaron Portnoy, manager of HP TippingPoint’s security research team gave another clue to the composition of Tuesday’s updates.

French security company Vupen had informed that Microsoft will be patching a record number of flaws and on that Portnoy responded with a confirmation that he had received from ‘kernelpool’ on Twitter. The nickname of Norwegian security researchers Tarjei Mandt on Twitter is ‘kernelpool’. Mandt works for an anti-virus firm headquartered in an Oslo suburb called Norman ASA. Two months ago, Microsoft patched two of the five kernel vulnerabilities that had been reported by Mandt. Mandt led a presentation and published a paper on ‘kernel pool’ exploitation techniques at a recent black hat security conference that was held in Washington D.C. Windows 7 is still vulnerable to generic kernel pool attacks despite of the security measures that were introduced, according to Mandt’s paper.

The fact that Microsoft might close these particular holes eventually has also been suggested by Mandt. Storms have revealed that other fixes in the soon to be released update will focus on Excel and PowerPoint file formats, Internet Explorer, the online version of PowerPoint and GDI+ or Graphics Device Interface --, Windows graphics rendering component. Last month at the annual Pwn2Own hacking contest, an Irish researcher exploited certain IE8 vulnerabilities and Microsoft might patch them too with the update.

The bugs exploited in IE8 have been patched in the IE9, according to Microsoft. Referring to the Microsoft Security Response Center’s blog post that spelled out some details of what will be patched soon, Storms stated that he had expected Microsoft to reveal that they would be patching the Pwn2Own bugs in the MSRC blog but they haven’t done so. Storms further added that Microsoft might be interested in patching IE’s own Pwn2Own vulnerabilities in June. It will surely be a big day for IT administrators, regardless of what Microsoft ends up patching soon.