Microsoft is planning to release seven security bulletins as part of its Patch Tuesday monthly security update on 9 October.

Four of the bulletins are rated 'critical', the company's highest alert level. If exploited, each could allow an attacker to remotely execute code.

The remaining three flaws are rated 'important', the second-highest alert level. Privilege escalation, denial of service and information spoofing are possible consequences of an exploit.

Microsoft uses the term 'bulletin' to describe one or more vulnerability fixes for a certain component or application.

Three of the bulletins address flaws in Windows Vista, including a vulnerability in Internet Explorer 7 deemed 'critical'.

Windows XP users will need to install four of the bulletins, including three 'critical' fixes for the operating system itself and one for Internet Explorer.

A second operating system flaw and an Outlook Express vulnerability were rated 'important' for XP users.

Other software affected by the update includes Windows Server 2003, which was subject to five of the fixes, three deemed 'critical'.

Mac users will be included in the update for the second consecutive month. Microsoft plans to release a fix for the OS X version of Office 2004 that addresses an 'important' security flaw.