Microsoft has issued three Security Bulletins today as part of its monthly Patch Tuesday update, addressing eight separate vulnerabilities, including a critical one in the Windows kernel that could allow hackers to launch malicious attacks simply by getting users to view a malicious image or visit a malicious site. The other two vulnerabilities are privilege elevation flaws and not remotely exploitable, according to the company.
These bulletins, rated as important, address less severe flaws including a spoofing issue in which an attacker can masquerade as someone else along with holes in the Windows DNS server and the Windows WINS server that could lead to DNS cache poisoning. As usual, Microsoft also updated the Windows Malicious Software Removal tool, but notably failed to include a fix this month for an actively exploited Excel vulnerability that allows hackers to launch malware attacks via infected spreadsheet files.