Microsoft has issued the July edition of its monthly Patch Tuesday security update.

Four bulletins address nine software vulnerabilities in various components of Windows, Outlook and Exchange Server.

Each bulletin carries a maximum security rating of 'important', marking the first time since March 2007 that Microsoft has not issued a 'critical' security fix in its monthly update.

The first bulletin addresses a pair of flaws in Windows DNS which could allow an attacker to reroute web traffic.

Another update addresses a flaw in Windows Explorer which could allow an attacker to remotely take control of a targeted system.

Microsoft also fixed two vulnerabilities in Exchange Server 2003 and 2007 which could be exploited by an attacker to gain elevated privileges on a server.

The fourth bulletin addresses four vulnerabilities in SQL components for Windows 2000, Server 2003, 2007 and 2008. The most severe could allow an attacker to remotely execute code on a targeted system.

A flaw in an ActiveX control for Office was not patched in the update. Microsoft is still investigating the attacks and has not yet said when a fix will be released.

Dave Marcus, director of security research and communications at McAfee, insisted that, despite the low risk of the patched flaws, administrators should still install the update as normal.

"July offers a summer break for patching and, although this is a minor patch, McAfee encourages all customers to update according to their risk management strategy and protect the integrity of their systems and data," he said.