Microsoft yesterday issued four new security updates covering eight security bugs, including fixes for critical vulnerabilities in Exchange and Internet Explorer. The flaws could allow hackers to launch remote attacks on users’ PCs.
The company issued the patches on its monthly Patch Tuesday, and two of the security bulletins are rated critical. The Microsoft Exchange Server vulnerability, MS09-002, is considered the most severe: opening an e-mail with a malicious attached file could execute code on the Exchange Server, and from there hackers could take full control of the affected system. The other Exchange Server flaw, MS09-003, is also very dangerous, allowing attackers to launch a denial-of-service attack on users, which would lead to a complete system shutdown.
The other two updates, rated important, are MS09-004 and MS09-005. The first deals with a vulnerability reported in SQL Server, which could lead to remote code execution if unauthorized users access an affected system. The second covers three vulnerabilities in Microsoft Office Visio that could lead to remote code execution if a user opens a specially crafted Visio file.
The fixes are available for direct download through Microsoft Update or via Automatic Updates. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," the company’s bulletin notes.