Six 'critical' vulnerabilities patched in October update

Microsoft has released fixes for nine vulnerabilities in its latest monthly security update.

October's Patch Tuesday includes six patches addressing vulnerabilities deemed 'critical', the highest step in Microsoft's security rating system.

The 'critical' rating usually describes flaws which can allow attackers to remotely install malware on a victim's PC.

Three of the nine patches fixed flaws in Internet Explorer 6 and 7, ranging from a 'critical' flaw that could allow remote execution of code to a 'low-risk' flaw that could allow attackers to spoof URLs.

Users of Windows Vista will be affected by five of the flaws. Vulnerabilities were patched in the Vista versions of Microsoft Mail and Internet Explorer 7, as well as a single 'important' flaw in Vista itself.

Microsoft had originally promised to release an additional security update for an apparent spoofing vulnerability in Windows 2000, XP and Server 2003 which had been rated 'important'. The patch was not distributed due to a "quality control issue".