Original URL: http://www.theregister.co.uk/2004/03/10/ms_march_patch_batch_low/
MS March patch batch low on peril
Moderate, important and moderate (none critical)
Posted in Malware, 10th March 2004 09:28 GMT
Microsoft's monthly patch train rolled through today bearing a cargo of fixes uncharacteristically low on the peril scale. Today we have patches for two moderate and one important security vuln.
First up, a Microsoft Outlook flaw could allow hackers to inject hostile code on PCs (MS04-009 (http://www.microsoft.com/technet/security/bulletin/ms04-009.mspx)). The flaw stems from incorrect parsing of specially crafted "mailto" URLs by certain versions of Outlook. Users of Office XP and Outlook 2002 need to apply a Redmond-supplied band-aid to avoid the risk of being rooted should they visit a maliciously-constructed website.
Microsoft describes this fix as "important" - its second highest severity classification. Microsoft says that default installations of Outlook make exploitation difficult, hence a slightly lower risk assessment. Hmm.
Next up, there's a moderate vuln in Microsoft MSN Messenger (MS04-010 (http://www.microsoft.com/technet/security/bulletin/ms04-010.mspx)). This creates a means for crackers to view files on a user's hard disk, provided the attacker knows the location of a file and the user's login details. Microsoft suggests a hacker would have to know a great deal about a user. But it is still pulling out the stops to get a fix out there.
An auto-update for MSN Messenger users begins early next week. However, the "Messenger team is working overtime to pull that date in closer", Microsoft's spin-doctors tell El Reg. Still concerned? If so, updated MSN Messenger client software should be posted at the Messenger MSN (http://messenger.msn.com) home page later today.
Lastly, there's a vulnerability in the Windows Media Services component of Win 2K which carries a moderate DoS risk (MS04-008 (http://www.microsoft.com/technet/security/bulletin/ms04-0008.mspx)). ®
