The security bulletins, which normally consolidate several vulnerabilities under the particular software component affected, provide more detail on vulnerabilities that were hinted at Thursday.
The three critical patches are:
A vulnerability in the way the telephony API in Windows Server 2000 SP 4/XP/Server 2003 processes data and permissions could allow an attacker to take control of a person's computer. The vulnerability was not deemed critical because the telephony service is not enabled by default on Windows XP/Server 2003. Also, in Windows Server 2000/2003, the attacker must have valid logon credentials and log on locally.
A moderate-level vulnerability in Kerberos and PKINIT could allow the attacker to launch a DoS attack, grab information off the user's computer or spoof the address a user is visiting on the Web. A second moderate-level vulnerability takes advantage of a weakness in Microsoft's Remote Desktop Protocol, which would allow the attacker to launch a DoS attack. The vulnerability affects Windows 2000/XP/Server 2003 platforms.
This month's security update also includes definition updates to Microsoft's malicious software removal tool. The update will remove Spyboter, Bagz and Dumaru bugs from a user's system.
This article was first published on internetnews.com.