Installing the latest Windows security patches on all the PCs in a network is causing headaches for IT managers, according to a security vendor.

"It may sound straightforward, but installing the latest Microsoft patches is easier said than done, particularly if you have a regular stream of visitors connecting to your network," said Graham Cluley, senior technology consultant at Sophos.

"Whether it is an employee's desktop PC or a customer's laptop, an unpatched machine represents a possible avenue for a cyber-attack."

Cluley pointed to the monthly release of patches due from Microsoft today as evidence of how important it is to update all machines.

Of the four bulletins in Microsoft's Patch Tuesday schedule, one is described as 'critical' covering security vulnerabilities in software such as Windows 2000 and Windows Live Messenger.

"All organisations should rollout these patches as a matter of urgency, as some of them could enable hackers to access data on a vulnerable PC or run malicious code," said a statement from Sophos.

"However, many firms could still be at risk if they allow guests, business partners or customers to bring unpatched machines into the company and connect to the network."

Cluley added that installing a network access control system can prevent this from becoming a problem because it gives businesses the ability to control who and what is connecting to a network.

"If a PC has not had the correct patches installed, you can prevent it from causing any harm to the rest of your organisation by blocking its access to the network or quarantining the machine until it conforms with company IT policy," he said.

Cluley pointed out that companies face a struggle to ensure that all internal devices are successfully patched because some may be incorrectly configured to receive the updates, while others may not be connected to the network at the time of the roll-out.