Microsoft to issue nine patches, four for "critical" bugs

Microsoft is planning to release nine patches on Tuesday to plug 13 holes as part of the software giant's monthly security update.

Four of the patches are rated "critical," while the rest are deemed "important," according to an advance notification issued Thursday. The vulnerabilities to be fixed affect Windows, Internet Information Services (IIS) and Office.

Windows 7 and Windows Server 2008 R2 only are impacted by one of the critical flaws, while XP, Server 2003 and Vista are affected by all four.

While Microsoft wasn't specific on what will be fixed Tuesday, it is possible some of the patches will resolve a new attack vector, involving a class of vulnerabilities known as DLL preloading, that can be used to infect PCs when an application is tricked into loading a malicious library.

Tuesday's update again should serve as a reminder that as of July 13, Microsoft no longer supports Windows XP Service Pack (SP) 2, said Wolfgang Kandek, CTO of vulnerability management firm Qualys.

"As last month, Windows XP SP2 users do not have any patches supplied to them, even though the majority of updates for XP SP3 most likely apply to their discontinued version of the OS as well,"  Kandek wrote in a blog post Thursday. "Windows XP SP2 users should upgrade to SP3 as quickly as possible."