Also fixes flaws in Windows DNS, but omits Excel update

Microsoft Corp. today patched eight vulnerabilities in Windows, including one rated "critical" that could be triggered by attackers simply by getting users to view a malicious image or visit a malicious site.

Of the three security updates the most serious, and the one to patch first, is MS09-006, researchers said today. That update, which contains three separate vulnerabilities, contains the month's single critical bug.

"It's in all versions of Windows, it's deep in the kernel and in GDI," said Wolfgang Kandek, chief technology officer at security company Qualys Inc. "And you could get exploited in many ways. I could send you an e-mail or I could get you to go to a malicious Web site."

More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129342&source=NLT_PM