Microsoft Patches Eight Security Holes...

Microsoft today released four security updates to plug at least eight security holes in its Windows operating systems and other software. The updates all earned Microsoft's most dire "critical" rating, meaning attackers can exploit the vulnerabilities to break into Windows PCs with little or no help from users.

The most important and urgent of these patches addresses five vulnerabilities in the Windows graphics device interface (GDI), a component of Windows that is used in rendering certain types of images. Hackers could exploit this flaw to compromise Windows PCs just by convincing users to visit a malicious or hacked Web site with Internet Explorer.

Security experts are warning Windows users not to let any grass grow under their feet before applying this patch. The last time Microsoft issued a security update for GDI, cyber crooks were spotted exploiting the flaw within two days of the patch release.

"If I was a bad guy, this is the patch I'd be reverse-engineering as quickly as possible," said Dave Marcus, director of security research for McAfee Avert Labs. Marcus added that while the GDI flaws are mainly a threat to Internet Explorer users who have not applied the patch, the vulnerable Windows components may be exploitable through other applications.

Microsoft also patched a security hole present in Office XP, Office 2003, Office 2007, and Office OneNote2007. Usually, when Microsoft releases Office updates, they are most dangerous for Office 2000 users, but this time around the vulnerability doesn't appear to affect that version.

The two other critical updates fix security weaknesses with Windows Media Player and Windows Media Encoder.

The updates are available through Microsoft Update or via Automatic Updates. After visiting Microsoft Update with my Windows Vista box, Microsoft said my machine needed three "important" updates, plus two "recommended" patches, including a Windows Mail junk e-mail tweak and Microsoft's regular "compatibility update" to make Vista play nicer with other applications. For whatever reason, the monthly updates for Microsoft's malicious software removal tool failed to install. Updating offered my Windows XP system only the fix for the GDI problems, along with the usual updates for the Microsoft malware removal tool, both of which installed fine with no apparent ill-effects or problems.

As always, please drop a line in the comments section below if you experience any problems applying these patches.