Today, Microsoft will be releasing five critical security bulletins for September's Patch Tuesday. Unfortunately, Microsoft has confirmed that it does not include a fix for a serious Internet Information Services vulnerability that we reported on earlier. For now, organizations running effected versions of IIS are still stuck with work-around fixes as work on a patch continues at Microsoft.

All five of the critical issues allow for remote code execution and is spread across multiple versions of the Windows family of operating systems. In addition, two of the updates require a mandatory reboot; some form of enterprise disruption is expected as a result.

Due to the amount of shared code between the various Windows platforms, there is speculation among security experts whether any of the critical security bulletins will affect Windows 7, which is scheduled for general availability on October 22.

For IT professionals though, the RTM version has already been available via their MSDN and TechNet subscriptions since last month. In addition, enterprises with volume license arrangements could also get Windows 7 since last Tuesday, Sep 1.

For more on this story:
- check out this article at eWeek
- check out this article at ChannelWeb

Related Articles:
Microsoft plans out-of-band patch this Tuesday
Serious flaw discovered in Microsoft IIS
Just one security bulletin for Patch Tuesday in May
Four security bulletins for Patch Tuesday next week