The software giant warned customers that they should apply updates for both Internet Explorer and Outlook Express to fix critical security vulnerabilities that could let attackers run programs on a victim's PC.
"The No. 1 thing that we want people to walk away with is to install the updates so their machine is protected," said Stephen Toulouse, security program manager for Microsoft's security response center.
Internet Explorer 5.01, 5.5 and 6.0 all have four flaws, the worst of which could allow an attacker to take control of a person's computer if a victim were follow links to a Web site or read an HTML (Hypertext Markup Language) e-mail created by an attacker.
A so-called buffer overflow vulnerability, which an attacker can exploit by sending more input to a program than the application expects, could allow the owner of a Web site to run code on the person's computer. Buffer overflows are an old type of vulnerability that still crop up frequently in programs. The flaw occurs in a component of Internet Explorer that delivers Web addresses to the browser from other sources--for instance, if a person clicked on a URL in an e-mail or a Word document.
Two other vulnerabilities allow an attacker to place code on a Web site that would cause the browser to upload a file from a victim's computer. Another flaw affects how the application handles third-party files such as Adobe Systems' portable document format.
The flaw in Outlook Express is in the way that the application handles the encapsulation of HTML in e-mails. A software error in the component allows an attacker to run programs on a victim's computer.
Even Windows users who don't read or send e-mail using Microsoft Outlook Express or browse with Internet Explorer should install the update, the advisories stressed.
The advisories are the software giant's 14th and 15th this year. This is the company'sits myriad of applications under its Trustworthy Computing Initiative.