Yesterday, Microsoft released three security updates - one rated "CRITICAL" and two rated "IMPORTANT" - to address eight vulnerabilities in Windows. The three security bulletins were MS09-006 (critical), MS09-007 (important), and MS09-008 (important).
MS09-006 is a critical security patch that fixes a flaw in the Windows kernel. The update addresses an image-handling flaw that could allow attackers to launch malicious attacks remotely. An attacker could execute malicious code remotely through a maliciously crafted EMF or WMF image file by luring victims into viewing the file, without any user intervention.
MS09-007 is an important security update that plugs a security hole in the Secure Channel (SChannel) security package in Windows. The update protects against spoofing, a kind of attack in which victims are redirected to a bogus or dangerous site through which attackers deliver malware or steal credit card information, login credentials, or other personal information. The attackers could get access to an end-user authentication certificate.
MS09-008 is an important security patch that fixes security flaws in the Windows DNS server and the Windows WINS server. If exploited, these flaws can result in network traffic hijacking.
Commenting on the critical security bulletin MS09-006, Paul Henry, security forensic analyst at Lumension, said, "MS09-006 is going to be a huge undertaking. The broad platform impact of the bulletin suggests that core services of the Windows operating system are to be modified, rather than isolated application components. When working on the core infrastructure, it opens up other applications to potential risk, making a simple patch deployment impossible. To make sure this is secure, IT departments will have to reboot all Windows machines in the entire enterprise."












