In the biggest monthly patch roll-out of the year, Microsoft on Tuesday disclosed 21 flaws in Windows, Exchange, and Office, and said that users needed to "install the update immediately" for the seven bulletins tagged as "Critical."
In the 10 security bulletins posted on its Web site, Microsoft outlined bugs in almost every supported edition of Windows, in the Excel spreadsheet, and in Exchange 2000 and 2003.
The previous 2004 record for the largest number of security bulletins released in a month was July, when the Redmond, Wash.-based developer posted eight. In April, however, Microsoft noted two dozen vulnerabilities collected in four bulletins.
The majority of the vulnerabilities (20 out of the 21) and critically-ranked bulletins (6 of the 7) were within various editions of Windows, ranging from the aging Windows NT to the relatively new Windows Server 2003. The only version that escaped a patch was Windows XP Service Pack 2 (SP2).
Among the wide-ranging slew of bugs was one which makes any program rendering WMF- (Windows Metafile) or EMF-format (Enhanced Metafile) image files a hacker entry point, much like September's JPEG bug opened up Windows to hijack via that image file format.