Microsoft has issued eight patches for "critical" security holes in its Windows operating system and specific Windows applications.
Security experts said the extensiveness of the flaws and the time it will take businesses to patch machines means hackers are likely to take advantage of the publicised flaws.
Patches that Microsoft has deemed as "critical" cover:
- Windows, Licensing Logging Service
- Windows, Server Message Block
- Windows, Exchange Server & Office, Object Linking and Embedding and Common Object Model
- Windows, DHTML Editing Component ActiveX Control
- Windows, Cumulative for Internet Explorer
- Windows, Hyperlink Object Library
- Office XP
- Windows, Windows Media Player & MSN Messenger "PNG Processing"
Microsoft said all these security holes could allow a hacker to take complete control of a user’s machine if patches are not downloaded immediately.
Security company Websense said, "Due to the time that it takes to patch machines, and the potential to use a malicious website as an attack vector to exploit these vulnerabilities, we believe that web-based attacks will now start surfacing."
Other "important" or "moderately important" patches cover security openings in Microsoft ASP.net (could allow an attacker to gain unauthorised access to parts of a website), Microsoft Sharepoint (could allow an attacker to modify web browser caches or perform cross-site scripting attacks), the Windows "Shared Resource Connection", and the Windows Shell Component.
The patches are available for download at: