Microsoft patches severe IE browser flaws

Microsoft released 11 patches on Tuesday to fix vulnerabilities in its software, including three critical flaws in the company's flagship Web browser, Internet Explorer 7.

The three critical security holes in Internet Explorer include memory corruption issues in the browser's HTML rendering capabilities for certain layouts, the handling of a property method, and the browser's handling of arguments when processing images. Microsoft rated all three flaws Critical, its highest severity rating, for Internet Explorer 7 running on both Windows XP Service Pack 2 systems and Windows Vista systems. A fourth flaw fixed by the patch is rated Important on the most common versions of Windows.

"Today's Microsoft patches underline the need to be aware when opening files and the risk of surfing the Web unprotected," Craig Schmugar, a threat researcher at McAfee Avert Labs, said in a statement discussing the patches. "Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply opens a file or visits a malicious or compromised Web site, favorite attack methods among cybercriminals."

Microsoft's other Critical-rated bulletins include four patches for security issues in Microsoft's Office productivity suite and a patch to close a serious security hole in a component of Microsoft Windows that handles Web Distributed Authoring and Versioning (WebDAV) file commands.

The updates, published by Microsoft on its regularly scheduled patch day, bring the total number of flaws fixed by the company to 20 for the year. In January, the company issued two bulletins to fix three flaws. Last year, the software giant released 69 bulletins. A report issued by IBM's Internet Security Systems found that fewer software vulnerabilities were disclosed in 2007 than in 2006, the first time that ISS's tally has declined.

Microsoft rated five of the patches "Important," its second-highest severity rating. They fix issues in the file conversion feature of Microsoft Works and Microsoft Office, two vulnerabilities in Microsoft's Internet Information Services (IIS) Web server software, a flaw in Microsoft's Active Directory software, and a security issue in the way Windows handles TCP/IP packets.
