Microsoft Fixes Critical Security Holes

Microsoft has delivered its monthly set of security bulletins that address vulnerabilities in its products. Out of a total of eight updates, five -- involving Windows, MSN Messenger, Microsoft Word and Exchange -- were deemed critical.

The remaining three patches were issued for Windows and classified as "important," Microsoft's second most severe designation.

The critical Windows fixes thwart potential exploits of Microsoft's TCP/IP implementation, as well as several flaws discovered in Internet Explorer. Each of the vulnerabilities, including the ones labeled with the "important" severity rating, permit malicious remote users to obtain complete control over un-patched machines.

Microsoft also issued several non-security updates that include Windows Installer version 3.1, a new release of Background Intelligent Transfer Service (BITS), along with a refresh its Malicious Software Removal Tool to help customers tackle new variants of the Berbew, Bropia Gaobot, MyDoom, and Sober worms.

When asked for comment, a Microsoft spokesperson told BetaNews that, "Home users should visit Windows Update and Office Update to receive the updates that apply to their systems. MSN Messenger 6.1 and 6.2 or users running the MSN Messenger 7.0 beta should upgrade to the latest version, MSN Messenger 7.0, to help be protected."

This month's round of patches follows a March hiatus when no security updates were released. Microsoft experienced its second highest volume of monthly bulletins in February, with a total of 12 patches.