Microsoft Releases 'Critical' Security Updates For Windows, Explorer

Microsoft on Tuesday released eight software updates for the Windows operating system and Internet Explorer Web browser to patch security holes, five of which the company described as "critical."

PC users can determine if they need the updates by accessing the company's online Baseline Security Analyzer, Microsoft said.

The five critical updates are designed to address security vulnerabilities that could leave Windows or Explorer open to remote code execution -- a technique used by hackers to gain control of a target computer.

The updates apply to Windows Vista, Windows XP and Windows 2000, Windows Server 2003 and Windows Server 2008, as well as Explorer. Users will need to restart their systems after installing the updates, Microsoft said.

Bloggers at security software and research firm Symantec called one of the critical vulnerabilities, a weakness in the VBScript and JScript scripting engines, "the worst of the bunch."

"The components are installed on multiple flavors of Windows and are relatively easy to exploit," the Symantec blog said.

Microsoft typically releases major security updates in the second week of each month.

Microsoft also patched two "important" vulnerabilities that leave Windows open to spoofing and unauthorized user privilege elevation, and a vulnerability that could expose Microsoft Office to remote code execution.

Microsoft also released an updated version of the Windows Malicious Software Removal Tool. The tool is designed to check for, and remove, malware programs such as Blaster, Sasser and Mydoom.

The updated tool can be obtained from the online Windows Update service, Windows Server Update Services or Microsoft's Download Center.