Microsoft marked Valentine's Day with the release of seven patches - two critical and five important - as part of its regular monthly "Patch Tuesday" update cycle. The most serious security vulnerabilities involve flaws in Internet Explorer and Windows Media Player.

The IE patch (MS06-004) covers a cumulative update of security fixes. The (more noteworthy) Windows Media Player flaw creates a route for a malicious bitmap file (BMP) to inject malign code on vulnerable systems. It's similar in type to the Windows WMF flaw that became the subject of a large number of Trojan attacks in late December. But the latest vulnerability is harder to exploit and is not currently the subject of any hacker action. Nonetheless, Media Player versions 7.1 through 10 all need patching.

Microsoft's security bulletin, which gives a full run down of all seven flaws, can be found here. ®

Related stories

• MS patch glitch cripples HP computers (18 April 2006)
• Patches released for zero-day IE threat (29 March 2006)
• eEye issues workaround against unpatched IE flaw (28 March 2006)
• MS issues Office überpatch (15 March 2006)
• MS avoids Oz PC time shift catastrophe (21 February 2006)
• UK.gov repels zero day WMF attack (24 January 2006)
• More cracks appear in Windows (11 January 2006)
• Windows users waiting for serious fix (3 January 2006)
• MS releases IE überpatch (14 December 2005)