Microsoft warns of critical Patch Tuesday

Microsoft's September Patch Tuesday will fix five critical vulnerabilities that expose users to remote code execution attacks.

The software company warned of the news in its usual security bulletin, but few details were forthcoming except that all patches have the most severe rating of 'critical' and affect all supported versions of Windows.

Andrew Clarke, senior vice president at endpoint security firm Lumension, said that two patches required updates, causing some disruption in the enterprise.

"As we take a look at the summary numbers, all three of Microsoft's server platforms (2000, 2003 and 2008) have critical vulnerabilities. Therefore both server and desktop management IT groups will be impacted this month," he said.

"Leading the pack this month, however, is Microsoft Vista with four critical vulnerabilities. Given the significant amount of code shared between Vista and Windows 7, it is likely that some of these security bulletins could apply to Windows 7 or Server 2008 R2, but this is not addressed in the information released today.

"Companies with access to the RTM [release to manufacture] builds will want to track the bulletins in the future to see if they are updated to apply to Windows 7 and Windows Release 2."

It is not yet known whether one of the patches relates to the recently disclosed vulnerability in Microsoft's Internet Information Services products.

Meanwhile, Adobe has announced its quarterly patch update will be delayed by a month, because the firm's security team has spent too much time firefighting critical security problems in July.

And Oracle said it was delaying its quarterly patch cycle by a few days, due to many of its customers attending the OpenWorld conference. The date will now be pushed back from 13 October to 20 October.