Microsoft issues seven security patches, two critical

Microsoft has released seven security patches as part of its monthly updating cycle, including a "critical" patch for a Windows Meta File (WMF) vulnerability in Internet Explorer.

The firm also rated another patch for vulnerability in Windows Media Player as "critical." The five other updates are labelled as "important" by Microsoft.

The update for Internet Explorer follows a security advisory on the problem the company issued last week, after the WMF flaw was discovered.

The flaw however only exists in IE 5.01 with Service Pack 4 on Windows 2000, and IE 5.5 with Service Pack 2 on Windows ME, which means that most users are not affected.

The vulnerability could allow remote attackers to take over a user’s machine. Microsoft recommended last week that users should upgrade to IE6 with Service Pack 1.

The vulnerability in Windows Media Player could potentially allow remote attackers to take control of a system using a specially crafted image.