Microsoft warns of critical 'Patch Tuesday'

Microsoft's September Patch Tuesday will fix five critical vulnerabilities which could expose users to remote code execution attacks.

The company gave advance warning of the news in its usual security bulletin, but few other details were forthcoming except that all patches receive the most severe rating of 'critical' and affect all supported versions of Windows.

Andrew Clarke, senior vice president at endpoint security firm Lumension, explained that two of the five patches would require updates, causing some level of disruption in the enterprise.

"As we take a look at the summary numbers, all three of Microsoft's server platforms (2000, 2003 and 2008) have critical vulnerabilities. Therefore both server and desktop management IT groups will be impacted this month," he said.

"Leading the pack this month, however, is Microsoft Vista with four critical vulnerabilities. Given the significant amount of code shared between Vista and Windows 7, it is likely that some of these security bulletins could apply to Windows 7 or Server 2008 R2, but this is not addressed in the information released today.

"Companies with access to the RTM builds will want to track the bulletins in the future to see if they are updated to apply to Windows 7 and Windows Release 2."

It is not yet known whether one of the patches relates to the recently disclosed vulnerability in Microsoft's Internet Information Services products.

In related news, Adobe has announced its quarterly patch update will be delayed by a month, because the firm's security team has spent too much time firefighting critical security problems in July.

Oracle also said it was delaying its quarterly patch cycle by a few days, due to many of its customers attending the OpenWorld conference. The date will now be pushed back from 13 October to 20 October.