Microsoft fixes 'critical' holes in Windows

Microsoft has released seven security patches covering a wide array of the company's products. Two of those patches fix holes that Microsoft deemed "critical" and warned could allow remote attackers to take control of vulnerable Windows systems. The software updates include fixes for previously unknown holes in Windows, including critical holes in the Windows Task Manager and HTML help features. The company also published a patch for a recent, publicly disclosed hole in the Windows Shell application programming interface (Shell API) and fixed a hole in older versions of the Internet Information Services (IIS) web server that one expert said is well-suited for use in an internet worm.

The seven updates, named MS04-018 through MS04-024, were released in accordance with the company's monthly patching schedule.

At the top of the list were two patches, MS04-022 and MS04-023, which Microsoft said were "critical" and could allow remote attackers to run malicious code on affected Windows systems.

Read Full Story