Microsoft has released three new software patches, including fixes for the MSN Messenger instant messaging program, Windows Media Services and the Outlook e-mail client.
Only the security hole in Outlook allows attackers to run malicious code on affected computers, and none have rated "critical" by Microsoft.
The company released a patch for Microsoft Office XP Service Pack 2 and Microsoft Outlook 2002 Service Pack 2, which fixes a problem with the way Outlook handles URLs that use the "mailto" tag. That tag allows web page authors to insert links on web pages that launch Outlook or other e-mail clients.
A problem with the way Outlook interprets mailto URLs could allow an attacker to use a specially formatted mailto URL to gain access to files on an affected system or insert and run malicious computer code. The flaw is rated "important".
Computers would have to be running a vulnerable version of Outlook and have the "Outlook Today" home page as their default homepage with Outlook.
"Outlook Today" is only the home page until an e-mail account is created.
Two other software bulletins were both rated "moderate".
A software patch for the security hole in MSN Messenger version 6.0 and 6.1 instant messaging program that could allow an attacker to view information on a user's hard drive secretly.
A problem with the way Messenger treats requests from transfer files between Messenger installations allows attackers to use a specially formatted request to browse the recipient's hard drive and read files without the recipient knowing, Microsoft said.
The last patch fixes a security vulnerability in Windows 2000 Server Service Packs 2, 3 and 4. A problem with the way Windows Media Station Service and Windows Media Monitor Service process TCP/IP (Transmission Control Protocol/Internet Protocol) connections could allow an attacker to send specially formatted TCP/IP packets that shut down either service.
Windows Media Services is a component of Windows 2000 Server that allows customers to manage and distribute Windows Media-format content over the internet.
The vulnerability, which is rated "moderate", could make Windows 2000 Server installations vulnerable to a denial-of-service attack.
Paul Roberts writes for IDG News Service