Admins warned of Microsoft patch avalanche

Microsoft's next Patch Tuesday round of updates and security fixes will include 13 patches, including one for the release-to-manufacturing version of Windows 7.

All previous versions of the operating system will also be patched, along with Internet Explorer, Office, SQL Server and, ironically, the firm's Forefront Security client software.

Eight of the fixes are rated as 'critical' in that they could allow for remote code execution.

"For October we are releasing 13 bulletins (eight 'critical' and five 'important'), addressing 34 vulnerabilities affecting Windows, IE, Office, Silverlight, Forefront, Developer Tools and SQL Server. Most of these updates require a restart, so please factor that into your deployment planning," said Microsoft in an October 2009 Bulletin Release Advance Notification.

Andrew Clarke, senior vice president at security firm Lumension, warned that failing to apply the patches as soon as they are available could put companies at risk of sophisticated web attacks.

"Bulletin 5 presents an increased threat for 'drive-by malware' because it concerns the most current versions of IE - versions 7 and 8 - on multiple operating system platforms, making this vulnerability a prime target for web-borne malware and malicious web operators," he said.

"If exploited, it could allow the propagation of an internet worm without user action."

Dirk Knopt, technical editor at security firm Avira, added: "Administrators should prepare for these updates and install them as soon as possible."

The updates will be available on Tuesday 13 October at 10am PDT (6pm BST).