Microsoft Tuesday issued its security fixes for May, fixing six vulnerabilities in four bulletins. All six are client-side issues, with three affecting applications and one affecting Microsoft's security products.
Three of the four bulletins are listed as critical, the most severe of vulnerabilities while one is listed as moderate. The moderate fix is in the security software. MS08-029 addresses two privately reported issues affecting the Microsoft Malware Protection Engine that could allow a specially crafted file to launch a denial of service attack.
MS08-026 addresses two newly-discovered vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Both flaws could be lessened if the user's computer was set to a more restricted level than Administrator, which is how most computers are configured.