Microsoft Patches Eight New Security HolesMicrosoft Patches Eight New Security Holes

Microsoft has listed eight software-security vulnerabilities, and the most serious, the company says, could let an attacker control unpatched systems. Microsoft, which issued the security bulletin late Wednesday, has rated this flaw as "critical." All of the flaws are within versions of the Microsoft Virtual Machine, which is found on most Windows PCs, up to and including build number 5.0.3805. The Microsoft VM is used for running Java applications.

The second most dangerous flaw, which Microsoft calls "CODEBASE spoofing vulnerabilities," could let an attacker fool Microsoft's virtual machine into allowing someone to read files on a PC and network drives. Microsoft has rated the other six software vulnerabilities as "low" or "moderate" risk.

The attacks against the software holes are possible through Web pages or HTML E-mail that's designed to exploit the flaws, Microsoft warns.

Under Microsoft's new rating system, issued last month, only software vulnerabilities that could be used by virus writers to develop malicious worms that could spread without user interaction, such as Code Red and Nimda, are rated as critical. "Important" vulnerabilities are those that leave user data exposed or threaten single system resources.

Microsoft is asking users to upgrade to Microsoft VM build 3809, which is available through the Windows Update Web site. More information is available in Microsoft Security Bulletin 02-069, which can be found at www.microsoft.com/security.