Microsoft on Tuesday released eight security bulletins on its products, including five concerning vulnerabilities rated "critical."
The critical security holes affect versions of Windows, Internet Explorer, Exchange Server, MSN Messenger and Word. All of them could allow an attacker to take control of an affected system, according to Microsoft. Users should apply the newly released update immediately, the report advised.
The Redmond, Washington, company disclosed the vulnerabilities and provided patches for each in its regular monthly report on security problems in Microsoft products. The list released Tuesday also included non-critical problems with the Windows user interface or "shell," Message Queuing or "MSMQ" and the Windows kernel.
Microsoft rated the following problems as critical:
- Security Bulletin MS05-019 affects Windows software for TCP/IP and concerns a vulnerability that could allow remote code execution and denial of service. Microsoft recommends the patch for users of Windows 2000 Service Packs 3 and 4, Windows XP Service Packs 1 and 2, Windows XP 64-bit Edition Version 2003 and Service Pack 1, and versions of Windows Server 2003, Windows 98 and Windows Millennium Edition.
- Security Bulletin MS05-020 involves a danger of remote code execution on Internet Explorer. The problem affects various versions of Explorer and versions of Windows 98, Millenium Edition, Windows Server 2003, Windows XP and Windows 2000.
- Security Bulletin MS05-21 deals with possible remote code execution attacks on Exchange Server. The vulnerability affects Exchange Server 2003, Exchange Server 2003 Service Pack 1 and Exchange 2000 Server Service Pack 3.
- Security Bulletin MS05-22 also involves a danger of remote code execution. It affects MSN Messenger 6.2. MSN Messenger 7.0 is not affected.
- Security Bulletin MS05-23 likewise is a remote code execution vulnerability. It affects Microsoft Word 2000, Works Suite 2001, Word 2002, Works Suite 2002, Works Suite 2003, Works Suite 2004 and Microsoft Office Word 2003.
More information on the bulletins is available at http://www.microsoft.com/security/bulletins/default.mspx