Microsoft issues five critical security patches

Microsoft on Tuesday issued five "critical" security patches designed to address vulnerabilities in Windows, Microsoft Office, and Internet Explorer.

The five critical patches were included among eight bulletins that Microsoft released as part of its Patch Tuesday. The bulletins covered a total of 10 vulnerabilities.

One of the five critical patches is designed to resolve a flaw in Microsoft Office Project, which could allow attackers to take complete control of users' systems if they open a malicious Office Project file.

A second critical patch is designed to tackle GDI (Graphics Device Interface) vulnerabilities in Windows that could allow attackers to remotely execute malicious code if users open malicious EMF or WMF image files. Two years ago, Microsoft faced similar vulnerabilities, forcing the software giant to rush out a fix outside of its monthly patch cycle, noted Dave Marcus, security research and communications manager at McAfee Avert Labs.

This security flaw, along with two Internet Explorer-related vulnerabilities are at the top of the list as a must fix, Marcus said.

One of the security bulletins is a cumulative patch for IE, and the other is designed to resolve vulnerabilities in ActiveX Kill Bits. Both flaws affect users who visit malicious Web sites with IE, which, in turn, allows malicious attackers to execute remote code from their systems.

"We live in a Web 2.0 world," Marcus said. "It's getting more and more popular to send people e-mails with link spam...It's becoming an effective way to compromise people's machines."

Microsoft also issued a critical Windows patch for vulnerabilities in its VBScript and JScript Scripting engines, which could provide attackers with access to users' systems and allow them to install programs, as well as view and change data.