More than half of the 20 patches -- 11 total -- were labeled "Critical," the highest rating in Microsoft's four-step threat scoring system.
Among the updates are several that tackle long-standing problems in numerous editions of Microsoft Office, including six patches for Word, and one each for PowerPoint and Excel.
But the update deemed by analysts to be most important is MS07-010, which patched a critical bug in the malware scanning engine used by Windows OneCare, Windows Defender and the Forefront Security and Antigen products. The flaw, said Microsoft, could be leveraged by a hacker to hijack a supposedly protected PC because the scanning engine improperly parses PDF (Portable Document Format) files. Attackers could feed malformed PDFs to PCs via e-mail, for instance, and grab control of the machines without any interaction from users.
According to Microsoft, the scanning engine bug hasn't been used yet by attackers.
No matter, said Amol Sarwate, who manages Qualys' vulnerability lab. "MS07-010 is the most critical of the bulletins. The flaw in the core protection engine of several Microsoft [security] products can be used to execute attack code on a machine without any user interaction. And this [is the software] which is supposed to protect your desktops and servers from attack."