Only One Patch Due in Microsoft's Monthly Security Fix

September is starting to look like a quiet month for Microsoft's security response team. The software vendor said today that its monthly release of security fixes, expected next Tuesday, will cover only one issue: an unidentified flaw in the Windows operating system.

The bug is rated as critical, meaning that a worm could take advantage of it without user action.

The patch for this bug, called an "update" by Microsoft, will come as part of the company's regular monthly patch release cycle. Microsoft releases most software patches on the second Tuesday of each month, a date that has come to be known as "Patch Tuesday" by security professionals.

Summer Numbers Higher

In August, Microsoft released six updates on Patch Tuesday, and hackers wasted no time in targeting one of the problems the company fixed. Within days a number of different worm attacks that exploited a bug in the Windows Plug and Play service began taking down an estimated 250,000 computers, primarily Windows 2000 systems being run in corporate environments.

When a large number of patches get released, companies can spend the entire month testing the new software to make sure it works with their existing applications, but with only one bug to be patched this month, things should be much easier, says Steve Manzuik, a product manager with eEye Digital Security's research group.

"I think September will be quiet," Manzuik says. "When we get six, seven, eight, or nine patches, it gets to be a bit more difficult."

For more information, see Microsoft's security notice.