Get ready for eight patches, says Microsoft

As part of its monthly patching cycle, Microsoft on Tuesday plans to release eight security alerts for flaws in the Windows operating system.

At least one of the alerts is deemed "critical", Microsoft's highest risk rating, the company said in a notice posted on its website on Thursday. Last month, Microsoft planned one critical alert for Windows but pulled it at the last minute because of quality issues.

Microsoft rates as critical any security threat that could allow a malicious internet worm to spread without any action required on the part of the user.

Additionally, Microsoft plans to release a security bulletin covering a problem related to Windows and its Exchange email server, the company said. This issue is rated "important", one notch below "critical" on Microsoft's rating scale.

Microsoft's notice did not specify whether any of the patches will be for Internet Explorer, the web browser component of Windows. Several security researchers have come forward with flaws in IE over the past few weeks. Some of these vulnerabilities could let an attacker commandeer a user's PC.

There are several vulnerabilities in IE 6 waiting to be fixed, according to Secunia. The security monitoring company has issued 86 alerts on the web browser since 2003; 20 of those security bugs remain unpatched.

As part of its monthly patch day, Microsoft also plans to release an updated version of the Windows Malicious Software Removal Tool. The software detects and removes common malicious code placed on computers.

Microsoft gave no further information on Thursday's bulletins, other than stating that some of the Windows fixes may require restarting the computer. The Exchange-related patch will require a restart, Microsoft said.

The Redmond, Washington, software maker offers advance notification about patches so people can get ready to install the updates. Microsoft did not release any fixes last month but in August the company released six security bulletins, including three deemed critical for Windows. One of the flaws was exploited days later by the Zotob worm, which wreaked havoc on Windows 2000 systems worldwide.

Microsoft said it will host a webcast about the new fixes on Wednesday at 11:00(PDT).

Joris Evers writes for CNET News.com