The Redmond, Wash. developer outlined the two bulletins, company-speak for its security updates, in today's .

The light month -- in August, for instance, Microsoft shipped nine updates -- will give IT admins time to prepare for an October update that invalidates all certificates with keys less than 1,024 bits long.

"Customers will want to take advantage of September's quiet bulletin cycle to review their asset inventories," said Angela Gunn of the Trustworthy Computing group, in a .

Microsoft first told users that it was going to disable all digital certificate keys shorter than 1,024 bits in June, saying then that it would issue an update in August to block Windows accessing short keys. Microsoft did ship the update last month, but made it an optional download. On Oct. 9, next month's Patch Tuesday, Microsoft will add the update to the Windows Update stream, effectively pushing it to everyone.

Companies can, of course, delay the October update using patch management software, such as Windows Server Update Service (WSUS).