Microsoft on Tuesday shipped six security bulletins for nine software vulnerabilities, four of which are rated as critical, the company's most serious designation. Most of these bulletins involve flaws in various Windows and Internet Explorer (IE) versions. Two of the fixes concern Microsoft Office products such as Word and Sharepoint.
Two of the bulletins are particularly serious. One, involving IE, fixes four flaws, including one that could allow malicious hackers to remotely control users' PCs using a phishing-like attack. This flaw affects various IE versions, including the latest, IE 7, which is considered much more secure than its predecessors.
The other is a fix for a flaw in Outlook Express and Windows Mail, the email applications found in several Windows versions. These flaws involve the application's ability to read electronic messages designed for USENET newsgroups and could also result in remote control of PCs.
Last week, as usual, Microsoft issued an advance notification about this month's security bulletins, stating that it would ship seven fixes. However, the company fixed only six, noting that it reserves the right to alter the patch delivery schedule. One patch was dropped because of a quality control issue, Microsoft said.
As always, Windows users are advised to leave Automatic Updates configured in the default configuration so that critical security updates are automatically downloaded and installed as quickly as possible. Users opting out of this system can find out more about this month's security fixes by visiting the Microsoft Security Central Web site,