Microsoft offers three "critical" patches

Von Todd R.

Microsoft Corp. Tuesday announced three critical security updates to repair vulnerabilities in Windows and Internet Explorer as part of its monthly update report. The release also included four "important" updates to repair other newly-discovered vulnerabilities.

In its monthly security bulletin update, Microsoft said the three critical patches should be applied immediately to guard against remote attackers being able to take complete control of a user"s computer.

The three critical patches are a Cumulative Security Update for Internet Explorer, a fix for the HTML help section in Windows and and an update for the Server Message Block module, according to Microsoft.

The vulnerabilities affect users of Windows 2000 with Service Packs 3 and 4, Windows XP with SP 1 and 2, Windows XP 64-Bit Edition, Windows XP 64-Bit Edition Version 2003, Windows XP Professional x64 Edition, Windows Server 2003, Windows Server 2003 SP 1, Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based systems, Windows Server 2003 x64 Edition, Windows 98, 98 Second Edition and Windows Millennium Edition.

The four "important" updates, which are a step down from "critical" updates on Microsoft"s security vulnerability rating scale, relate to the following:

- A vulnerability in Web client service code that could allow remote code execution.

- A vulnerability in Outlook Web access for Exchange Server 5.5 that could allow cross-site scripting attacks.

- A cumulative security update for Outlook Express.

- A vulnerability in Windows interactive training code that could allow remote code execution.