Microsoft releases slew of security fixes

SEATTLE — Microsoft Corp. on Tuesday released eight security fixes that carry its highest threat rating of critical, and said all the vulnerabilities could allow an attacker to take complete control of an infected computer system if the user doesn’t apply the patches.

Seven of the critical security vulnerabilities affect various parts of the Windows operating system and server software, including its Internet Explorer browser, media player and instant messaging program. The eighth critical problem is with Microsoft’s Office XP business software.

The Redmond software maker also released another four security fixes that carry lesser threat levels but could still allow an attacker to gain some control of an affected system if left unpatched.

Stephen Toulouse, a Microsoft security program manager, conceded that “this is a month that has a significant number of updates for customers to deploy,” but said the company works to make fixes available as soon as it has them.

Toulouse said anyone running any version of Windows will need to install at least one of the updates. Many of the fixes also apply to Service Pack 2, the massive security upgrade for Windows XP that was released last summer.

Among the fixes is a particularly important cumulative update for Internet Explorer browser, which includes patches for vulnerabilities that have already been made public. Toulouse said some people have figured out how to exploit some of the vulnerabilities patched with this update, but the company isn’t seeing widespread attacks yet.

Still, he noted that since attackers have a head start, these flaws could be exploited much more quickly than others.