Patch Tuesday to fix four critical flaws in Windows, IE, Office

September's roundup of Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, and Internet Explorer, but also Microsoft Office.
Written by Zack Whittaker, Contributor
Many versions of Microsoft Office will be patched this month, as bugs with the productivity suite affect half of all security bulletins.
Image: CNET

Microsoft will release 14 patches on Patch Tuesday — arriving on its namesake day this week — with four of them rated critical.

The software giant said in its latest advanced security bulletin that the most severe security flaws have been found in Microsoft Office, Windows, Internet Explorer, and Windows Server. 

In all, there are eight remote code execution flaws, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. 

With half of all the patches applying to the company's productivity suite — Office 2007 (Service Pack 3) and Office 2010 (Service Pack 1) are affected — users are advised to patch their systems as soon as possible. The latest Office 2013 release is not affected, however. 

Another round of patches will fix flaws in Windows Server 2003, and Windows XP, which will be phased out of the company's support cycles in April 2014.

Internet Explorer 6 on Windows XP through to Internet Explorer 10 on Windows 8 and RT-based devices face another round of patches. Server-based versions of the browser are rated "moderate," but should still be patched sooner rather than later.

Last month, Microsoft pulled a number of Patch Tuesday updates after server-based Active Directory Federation Services (ADFS) stopped working. The patches were withdrawn after Windows Server 2008 and 2012 users complained.

Microsoft is also expected to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets.

The security fixes will be released on September 10 through the usual update channels, such as Windows and Microsoft Update.

Correction at 1:30 p.m. ET: Updated end-of-support for Windows XP.

Editorial standards