Patch Wednesday to plug several critical holes

Six flaws marked as critical and which allow remote code execution will be patched tomorrow as Microsoft releases software updates for Windows operating system variants.

In its advance notification security bulletin for July, Microsoft said the software with critical flaws included the .NET framework and Silverlight, all versions of Office, Visual Studio, Lync, Internet Explorer 6 to 10, and the Windows operating system itself.

All supported variants of Windows from XP Service Pack 3 to the more current desktop operating systems Windows 7 and 8 are affected by the flaws, in both 32 and 64 bit versions. The ARM-based Windows RT that runs on Microsoft's Surface RT tablet is affected by five critical flaws.

Windows Server 2003, 2008, 2008 R2, 2012 and Server Core are also on the list of operating systems needing critical patches.

At least one of the patches is believed to relate to a zero-day kernel memory management issue discovered by Google engineer Travis Ormandy in May this year.

Ormandy was criticised by security experts for releasing details of the flaw to the public without waiting for Microsoft to issue a patch for it first, thus giving malware writers the opportunity to create attack vectors and exploits.

However, the Google engineer blamed Microsoft for his actions.

"Note that Microsoft treat vulnerability researchers with great hostility, and are often very difficult to work with," Ormandy wrote on his blog.

Microsoft did not say if the Windows 8.1 Preview version of the update to its latest operating system is affected by the security flaws.