MS warns of 8 "critical" security flaws

Microsoft Corp on Tuesday warned of eight "critical" security flaws in its Windows operating system and Office software that could allow attackers to take control of a computer.

Microsoft, whose Windows operating system runs on 90 per cent of the world's computers, issued patches to fix the problems as part of its monthly security bulletin. It was the biggest such update since February 2005.

The company issued a total of 12 patches that address 21 security holes and cover problems in its Windows, Internet Explorer, Word, Powerpoint and Exchange Server products, security experts said.

"The significance of this large number of patches lies in the fact that 19 of them are remote code executions," said Amol Sarwate, manager of the Vulnerability Research Lab at Qualys.

The world's biggest software maker defines a flaw as "critical" when the vulnerability could allow a damaging Internet worm to replicate without the user doing anything to the machine.

Six of the critical flaws related to Windows and two affected Office. Microsoft also issued another two security warnings it rated at its second-highest level of "important" for Windows, as well as one it gave a severity rating of "moderate."

It also warned of an "important" flaw in its Microsoft Exchange software that allows users to send and receive e-mail along with other forms of communication through computer networks.

The company has been working for more than three years to improve the security and reliability of its software as more and more malicious software targets weaknesses in Windows and other Microsoft software.

The latest patches, which are free to Microsoft software owners, can be downloaded at www.microsoft.com/security.