On Tuesday, Microsoft rolled out six security fixes as part of its regularly-scheduled monthly security patch release. Five of the patches are deemed "critical," the software giant's most serious rating, and, for the first time, one of those critical patches is aimed at Windows Vista, Microsoft's latest client operating system.
Overall, four of the patches were for various versions of Windows, and they come just a week after an emergency "out of band" patch, which the company released to fix a flaw in Internet Explorer's cursor rendering feature. In March, Microsoft didn't release any patches for the first time in several months.
According to Microsoft, critical software flaws could allow malicious hackers to remotely access and control users' PCs. Most Windows users are automatically protected by Microsoft's various software update solutions, such as Windows Update, Microsoft Update, Automatic Updates, and Windows Server Update Services. However, users concerned about these flaws can visit the Microsoft Web site and download them manually as well.
http://www.microsoft.com/athome/security/update/bulletins/200704.mspx
Microsoft also advises users to ensure that they have running firewall, antivirus, and antispyware solutions. Microsoft provides free firewall and antispyware solutions for Windows XP and Vista users, but you'll need to look elsewhere for antivirus. Users on a budget should consider the free version of Grisoft AVG (http://free.grisoft.com), which is excellent. Windows users should also ensure that they're using a modern and secure browser such as Internet Explorer 7 or Mozilla Firefox (http://www.mozilla.com).
In related news, Microsoft also reported Tuesday that it is investigating reports of newly discovered flaws in its Office suite of productivity applications. Three of these vulnerabilities affect Word 2007, the latest version of Microsoft's word processing solution.