Microsoft Patch Tuesday: Expect 7 Bulletins, 4 Critical

Microsoft plans to release seven security bulletins next week, including patches for critical bugs in Windows, Internet Explorer and Office.

Four of the bulletins address critical vulnerabilities, which is Microsoft's highest security threat classification. The other three, according to an online advisory, are rated important, which is the second-highest rating. While Microsoft said in its Security Bulletin Advance Notification that there will be seven bulletins, there's no word on how many actual vulnerabilities will be fixed.

This month's Patch Tuesday comes on Oct. 9.

Three of the bulletins address flaws in Windows Vista " two of them are critical.

The online advisory also noted that the four critical bulletins all address remote execution problems. The critical bulletins cover flaws in Office, Windows, the Internet Explorer browser, Outlook Express, and Windows Mail.

One important bulletin deals with a denial-of-service problem in Windows, while another one addresses a Windows flaw that enables spoofing. The third important bulletin handles an elevation of privileges bug in Windows and Office.

This month's patch release will come after Microsoft only released four security bulletins in September. That batch of bulletins included one critical and three that were rated important. The critical bug involved a remote code execution vulnerability based in the way the Microsoft Agent handles certain specially crafted URLs, affecting Microsoft Windows 2000 Service Pack 4.

The September patch release was a big swing from the August release, which was the second largest release for the year. August saw nine security bulletins covering 14 vulnerabilities. The batch patched vulnerabilities affected anyone using Windows, according to Amol Sarwate, manager of the Vulnerability Research Lab at Qualys.