Microsoft patches up 8 critical security holes

August patch uncovers four new web browsing risks.

Microsoft has released 14 security patches as part of its monthly patch release cycle.

Eight of the updates were rated "critical" and Microsoft labelled the remaining six as "important".

The patches were distributed through eight security bulletins. Each Microsoft bulletin covers one type of application or technology component.

Windows 2000 and Windows XP were hit the hardest, respectively receiving 4 and 5 of the critical bulletins. Windows Vista was the recipient of 2 critical bulletins.

The August security release contained a bounty of vulnerabilities that offer an appealing target for online criminals who are looking to build botnets or steal confidential information. Four of the critical vulnerabilities could be exploited through a web browser.

One critical vulnerability in Internet Explorer (IE), for instance, allows attackers to remotely execute code through a specially crafted website without the user's knowledge. A second flaw, in the Vector Markup Language (VML), exposes users of all versions of Windows to remote code execution on any of the currently supported IE versions.

Thirdly, a security hole in the Object Linking and Embedding technology exposes users to the same kind of web-based attacks.

The fourth "critical" flaw that can be exploited through the browser is limited to IE6 on Windows XP and Windows 2000 systems. It has less severe security ratings on Windows Server 2003 and IE7.

"Microsoft's patches again underline the trend of malware writers seeking out the Web browser as a means of attack and reinforce the need of safe browsing habits," commented David Marcus, security research and communications manager at McAfee Avert Labs.

A flaw in the Graphics Rendering Engine was also rated "critical", although attackers would have to convince their target to open a specially crafted email attachment or download the file from a website.

Attackers could target users of Excel with a specially crafted file that, upon infection, allows them to take control of the targeted system. Over the past months, online criminals have repeatedly used similar, unpatched Office vulnerabilities in highly targeted attacks. The update replaces a patch that Microsoft issued in July.

The Excel flaw has a "critical" rating for Office 2000 only. It is rated "important" for other versions of the productivity suite because users there receive a security prompt before the document is opened.

Users can download the patches directly from the Microsoft website, or through the Windows Update feature inside their operating system.

Source: Copyright ©v3.co.uk
