Microsoft is planning to issue four bulletins in this month's security update on 11 September.

Just one of the four bulletins addresses vulnerabilities deemed 'critical', Microsoft's highest severity rating.

The 'critical' vulnerability lies within a component of Windows 2000 SP4. Microsoft would not state precisely what software within the operating system is vulnerable, but confirmed that Windows XP and Vista are not affected.

Users of the two operating systems will still need to install updates, however.

Microsoft intends to release a fix for privilege escalation vulnerabilities in Windows Services for Unix rated as 'important'.

The component is used to translate Unix code and is included in Windows 2000, XP, Vista and Server 2003.

The remaining two vulnerabilities are both rated 'important', the third of Microsoft's four security risk levels.

One of the bulletins addresses flaws in MSN Messenger and Windows Live Messenger which could possibly allow an attacker to remotely execute code.

The company would not provide details on the flaw, but late last month an independent researcher reported a vulnerability in the application's handling of video chat invites that could allow for remote code execution.

The latest version of Windows Live Messenger is not affected by the reported vulnerability or the bulletin release.

The fourth bulletin addresses a vulnerability in the Visual Studio development tool which could allow for remote code execution.

Also known as Patch Tuesday, the monthly security update is released on the second Tuesday of each month at 11am Pacific time.