Microsoft update to patch critical Windows flaw

A Microsoft update will patch a critical flaw in Windows and fix flaws in MSN Messenger, Visual Studio, and Windows Services for Unix, according to the September advance notification issued by the software company.

Microsoft said the patches are part of five security bulletins to be released next week as part of its normal monthly update cycle.

The Windows update is rated critical and would require a system restart. A flaw in Windows could be exploited by an attacker to conduct remote code execution.

Microsoft said a flaw in Visual Studio, which could allow an attacker to conduct remote code execution would also be patched. Visual Studio is used by software developers to create applications and Web sites in Microsoft's .NET framework.

Other updates will affect Microsoft Windows Services for UNIX and the subsystem for UNIX-based applications, Microsoft MSN Messenger and Windows Live Messenger, Microsoft Windows and Microsoft SharePoint Server. Each of the updates carry a security rating of "important," and do not require a system restart, Microsoft said.

The discovery of an MSN Messenger flaw was announced last week by Danish vulnerability clearinghouse Secunia. Messenger contains an error in how the application handles video conversations, which could be exploited to cause a heap-based buffer overflow. An attack would require that the victim accepts an incoming Web Cam invitation, Secunia said.

In addition, Microsoft said it would release an update to the Microsoft Windows Malicious Software Removal Tool as it does each month. And one high-priority, non-security update on Microsoft Update and none on Windows Update.

Microsoft issued nine security updates in August, plugging holes in Internet Explorer, Excel and other programs within the Windows OS.