Microsoft issues slew of critical security patches

Tuesday released its final of 2008, which including a critical flaw in the new search component in Vista and Windows Server 2008.

Six of the eight were listed as "critical" and the final two were rated "important." The final total of patches for the year was 77.

One of the important patches, MS08-076, targets a set of vulnerabilities that when taken together can add up to a critical flaw, according to information Microsoft provided to antimalware vendors. Microsoft, however, does not base its ratings on combinations, just on the individual flaws.

The vulnerability is similar to last month's release of MS08-068, which allowed a hacker to steal a password and use it to log on to a user's machine and gain control of the PC. was nearly 7-years-old before Microsoft patched it.

The Vista and Windows Server 2008 vulnerabilities detailed in MS08-075 stand out because the affected search component was developed from scratch for those platforms under Microsoft's new edict to develop secure code. Experts, however, say the threat of exploit appears to be low.

"It shows that even in the newer code that is highly scrutinized by the security teams at Microsoft and where developers are being held to secure coding standards you can still have problems," says Wolfgang Kandek, CTO of Qualys.