The most serious vulnerability, according to Microsoft Security Bulletin MS04-009, is a flaw in Outlook 2002 that could allow its Internet Explorer browser to run malicious scripts in the "local machine" zone of an at-risk system. The company says this flaw is mitigated by the fact that an attacker would have to use a malicious Web site to infiltrate vulnerable systems.
Microsoft also fixed a security hole in its MSN Messenger software for versions 6.0 and 6.1, which could potentially allow an attacker to glean personal information from an unpatched system.
The final flaw would allow a denial-of-service attack against Windows Media Services. Both the MSN Messenger and Windows Media Services flaws are ranked as moderate.
Microsoft urges its customers to patch these security flaws. More information on the flaws can be found at microsoft.com/security .