Published December 12, 2006
REDMOND, Wash. – Microsoft Corp. (MSFT) put out three software patches Tuesday that fix problems carrying a "critical" rating, the company's highest threat level.
All three could let an attacker remotely run code on a victim's computer. The patches close holes in Microsoft's Internet Explorer Web browser, its Windows Media Player program and its Visual Studio 2005 development software.
Four other patches, for vulnerabilities deemed "important," also were released for Windows and its Outlook Express e-mail program.
Computer users with Microsoft's automatic updates feature enabled in Windows do not have to do anything to get these seven repairs. Others should visit Microsoft's security Web site.
Redmond-based Microsoft is still working on a patch for a flaw disclosed last week in multiple versions of its widely used Word word processor.
Microsoft had said it was looking into small-scale reports that hackers had used the vulnerability to take control of computers by sending a rigged e-mail attachment.
Alex Shipp, a researcher for antivirus vendor MessageLabs Ltd., which claims to have discovered the Word flaw, said it appeared that vulnerability was being used by just one criminal outfit in "highly targeted attacks."
So far, Shipp said, the overall impact of the flaw is low.