Microsoft fixes holes open to worm attacks

Microsoft has released five security bulletins covering a total of eight vulnerabilities - six of which are rated critical, the company's highest risk rating.

All of the patches cover core Microsoft operating system platforms, including four critical vulnerabilities in Windows Vista.

Two of the bulletins (MS09-049 and MS09-048) address flaws in the networking components of Windows Vista and Windows Server 2003 and 2008.

According to security firm McAfee, those flaws let malicious software spread from one PC to another.

"These vulnerabilities are the most likely to be exploited by malicious code and are two of the best worm candidates since Conficker," said Dave Marcus, director of security research at McAfee, in a statement.

"That said, all of today's security bulletins address vulnerabilities that could allow an attacker to take control of a vulnerable PC," he added.

However, Wolfgang Kandek, chief technology for Qualys, noted that the operating system Windows 7 was not one of the operating systems needing patching, which he said was a "pleasant surprise."

He said in a statement: "[It's] most likely an outcome of the additional security measure implemented in this latest version of Windows."

More on the patch is available here.