Critical bug fixes are on the agenda for this month's monthly patch update from Microsoft.

The four "important" fixes due out next Tuesday (8 July) for Microsoft SQL Server and Exchange as well as a brace of fixes for Windows. One of the Windows fixes affects Vista and poses a "remote code execution" risk, something that would normally merit a critical tag.

Microsoft will need to come up with a really convincing rationale on why the bug is hard to exploit, to avoid accusations that it's fudging the classification of the vulnerability to avoid negative press.

Windows XP, Microsoft's earlier (supposedly less secure) operating system, is not affected by that Windows bug, but it is affected by a flaw that poses a spoofing risk. Windows Server 2003 and Windows 2000 also need patching against the second flaw, which doesn't affect Vista.

As well as the patches Microsoft also plans to publish an update for its Malicious Software Removal Tool.

More details on the upcoming patches can be found in Microsoft's pre-alert here. ®

Related stories

• MS preps four critical updates for September (5 September 2008)
• MS preps 12 fixes for August Patch Tuesday (8 August 2008)
• Microsoft slams 'sensationalist' Vista analysis (28 July 2008)
• Microsoft kicks Ubuntu update in the hardy herons (12 July 2008)
• Microsoft tells SMBs Vista isn't a risky business (9 July 2008)
• Updated MS DNS patch snuffs net connection for ZoneAlarm users (9 July 2008)
• Microsoft pledges to fight Vista 'myths' (8 July 2008)
• MS issues eleventh hour Snapshot bug workaround (8 July 2008)
• Deployment bug mars Patch Tuesday (17 June 2008)
• Get 'em while they're hot: critical security fixes from Microsoft, Apple (10 June 2008)
• eBay pulls Vista laptop pwned in hacking contest (2 April 2008)
• Microsoft plugs 'critical' hole in Vista (8 January 2008)
• Fight malware by upgrading to Vista, urges MS (23 October 2007)