Microsoft will release 10 security updates on Patch Tuesday next week, including critical patches for holes in Windows, Internet Explorer, Word, Office and Excel.
In addition, Adobe said it will provide security updates for Adobe Reader and Acrobat versions 7.x, 8.x and 9.x for Windows and Macintosh on Tuesday in its first quarterly security update for its popular software for creating and reading PDF files. The critical update will be detailed on Adobe's security-bulletin site.
Meanwhile, the six critical vulnerabilities in Microsoft software could allow an attacker to remotely execute code on a machine, according to the Microsoft security bulletin issued on Thursday.
Three important vulnerabilities in Windows could allow an attacker to elevate privileges and one moderate vulnerability in Windows could enable information disclosure.
Affected products include Windows 2000, XP, XP Professional edition, Vista, Server 2003 and Server 2008; Office 2000, 2003, 2007 and XP; and Microsoft Office 2004 and 2008 for the Mac.
Other affected software includes Office Excel Viewer; Office Word Viewer; Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats; Works 8.5 and 9.0; and Office SharePoint Server.
It is likely that the PowerPoint vulnerability is the same one Microsoft warned about in April and fixed in the Windows version in May.
Missing from the list of patches is one disclosed by Microsoft in its DirectX streaming media technology in Windows that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.
Talkback
This month will be especially disruptive for desktop/laptop management teams because of an Internet Explorer patch that requires a restart for anyone using Internet Explorer versions 6, 7 or 8 running on XP and Vista. This means that almost every desktop/laptop in every organisation will need the patch and will then require a restart. To help protect organisational productivity, patching teams should take this possibility for wide-scale disruption into account as they make their patch deployment plans.
This month will also be disruptive for organisations that have resisted adoption of more recent technologies from Microsoft. Several of the critical patches including Windows 1 and 2, and Microsoft Office. The vulnerabilities associated with bulletins Windows 1 and Windows 2 are critical for Windows 2000 and will impact companies that continue to use legacy Windows servers in financial services and manufacturing processes (although impacted, the same vulnerabilities on Windows 2003 and 2008 are not rated as critical.) The critical patches for Microsoft Word, Excel and Office will affect users of the legacy Office 2000 suite.