The May edition of Patch Tuesday features patches for three issues rated 'critical' and a fourth rated 'moderate'.
All three critical fixes address issues which could allow an attacker to remotely execute code on a target system, while the fourth plugs a denial-of-service flaw.
Among the fixes is a patch for a vulnerability in the Jet Database Engine used by Windows. An attacker could remotely take control of a system by exploiting the flaw in Windows 2000, XP Service Pack 2 and Windows Server 2003.
Windows Vista, XP Service Pack 3 and Windows Server 2008 are not affected by the flaw.
The most dangerous of the vulnerabilities is the Jet Database flaw, according to security firm Symantec.
"This is a relatively light month with four bulletins that cover a total of six vulnerabilities," wrote Symantec researcher Robert Keith.
"The vulnerability affecting Jet Database Engine is the only update of the bunch. Evidence of this issue being exploited in the wild has been detected."
The second critical fix is for a pair of remote code executions in Word. The fix addresses the flaws in Office 2000, XP, 2003 and 2007. The update also addresses a flaw in Office for Mac 2004 and 2008.
The third critical bulletin addresses a remote code execution flaw in Microsoft Publisher that affects Office 2000, XP, 2003 and Office 2007.
The fourth bulletin, given Microsoft's second-highest security rating of 'moderate', fixes a pair of flaws in Microsoft's Malware Protection Engine that could allow a denial-of-service attack.
The Malware Protection Engine is used by eight Microsoft security products, including Windows Live OneCare, Antigen, Windows Defender and Forefront Security.
Microsoft delivers four security fixes
By Shaun Nichols on May 15, 2008 7:35AM