Microsoft announced today that it will release five security bulletins – one for a flaw deemed “critical” – next week as part of its September Patch Tuesday distribution.
The critical flaw exists in Windows and can be exploited for remote code execution, according to Microsoft's advance notification.
Experts say the lighter-than-usual patch load will offer administrators some time to focus on other network responsibilities.
"This relatively light Patch Tuesday schedule should provide IT administrators some breathing room to update network inventories, address backlogged vulnerabilities, classify assets, prioritize risk and measure recent response times for patch implementation," said Paul Zimski, senior director of market and product strategy at PatchLink.
Four “important” patches will also be released. Two of the bulletins fix bugs allowing remote code execution, in Visual Studio and in MSN Messenger and Windows Live Messenger.
Two other patches fix flaws allowing privilege escalation attacks in Windows Services for UNIX and the subsystem for UNIX-based applications, Windows and SharePoint Server.
Despite the small size of the release, organizations should take the fixes seriously, Zimski said.
"Although this month may be a reprieve from this year's heavy patch releases, any vulnerability that lends itself to remote code execution should prompt IT administrators to identify which parts of their network are affected and to apply those patches first," he said.
Last month, the Redmond, Wash.-based corporation fixed 14 flaws through the distribution of eight client-side patches. Six August patches fixed critical flaws, including one in the XML Core Services program that can be exploited for remote code execution.
July's Patch Tuesday release included six patches for 11 flaws, including critical vulnerabilities in Active Directory in Windows 2000 and 2003 Server and .NET Framework.
June saw Microsoft's first Windows Vista-only patch, along with five other security bulletins.