Microsoft has issued the October instalment of its monthly 'Patch Tuesday' security update.

The latest release includes 11 bulletins addressing a total of 20 security vulnerabilities. Four of the bulletins are rated 'critical', six are listed as 'important' and one as 'moderate'.

Among the critical patches are a fix for a remote code execution flaw in Excel which could allow an attacker to perform a remote malware installation by way of a specially crafted Excel file.

The second critical fix addresses a remote code flaw in Microsoft's Host Integration Server product, while another addresses a problem in the Active Directory component for Windows Server 2000.

The final critical bulletin is a cumulative update for Internet Explorer which includes remote code execution fixes for IE 5, 6 and 7.

Three of the six bulletins rated 'important' address remote code execution, including fixes for the Windows Server Message Block and Internet Printing Service, along with a flaw in the Message Queuing component for Windows 2000.

Three more 'important' bulletins fix privilege-elevation flaws in the Windows Kernel, Virtual Address Descriptor and the Ancillary Function Driver.

The 'moderate' bulletin addresses a vulnerability in Microsoft Office XP SP3 which could be exploited for information disclosure.

David Marcus, security research and communications director at McAfee, warned that the remote code flaws pose the biggest risk to users who do not apply the patch.

"It is the month of remote code execution bugs," he said. "Many of the flaws could allow an attacker to gain complete control over a vulnerable computer by tricking a user into visiting a malicious web site or opening a rigged Office file."