Microsoft has released eight security bulletins on its products, including five concerning vulnerabilities rated "critical".
The critical security holes affect versions of Windows, Internet Explorer, Exchange Server, MSN Messenger and Word. All of them could allow an attacker to take control of an affected system. Users should apply the newly released update immediately, the company advised.
Microsoft disclosed the vulnerabilities and provided patches for each in its regular monthly report on security problems in Microsoft products. The list released Tuesday also included non-critical problems with the Windows user interface or "shell," Message Queuing or "MSMQ" and the Windows kernel.
Microsoft has been putting out monthly security updates since October 2003. Despite the large number of security holes still being announced, the company maintains that the Trustworthy Computing initiative it began in 2002 is benefitting users. Customers who have the newest versions of Microsoft software generally are less affected by newly discovered vulnerabilities, a spokesperson recently claimed.
For example, users who have already rolled out Windows Server 2003 Service Pack 1 don't need to apply any of Tuesday's updates. Also, users of more recent versions of the company's products are more likely to face a threat below the critical level because of features that stymie attackers, he said. However, he acknowledged that there is more ground to cover.
"This is going to be a long-term effort by Microsoft," the spokesperson said. "We are not by any means done."
More information on the bulletins is available here.