Microsoft on Tuesday issued two security updates, one of them rated critical that fixes nasty bugs in Windows Vista that could allow an attacker to gain complete control over a user's machine.

The patch, which also applies to the XP, 2003 Server and 2000 versions of Windows, plugs two holes in the way the operating systems process Transmission Control Protocol/Internet Protocol (TCP/IP). Attackers could exploit them to remotely execute malicious code without requiring any user interaction.

Redmond issued a separate patch for 2000, 2003 and XP versions of Windows for a bug rated "important." It affected the Windows Local Security Authority Subsystem Service (LSASS) and allowed attackers to run arbitrary code with elevated privileges. Vista is not susceptible. ®

Related stories

• Microsoft will show world+dog how to write secure code (16 September 2008)
• MS readies Vista code injection risk fix (4 July 2008)
• ActiveX update stars in Patch Tuesday critical quintet (9 April 2008)
• MS keeps admins busy with critical Vista patches (4 April 2008)
• Attackers hose down Microsoft's Jet DB Engine (26 March 2008)
• Critical Outlook and Excel bugs star in March Patch Tuesday (12 March 2008)
• Microsoft dishes out six critical updates (13 February 2008)
• Firefox updates, blitzes trio of critical bugs (8 February 2008)
• Will Microsoft parachute Windows 7 in early? (23 January 2008)
• SMBs grasp Vista nettle (15 January 2008)
• Fully patched PCs are a rare breed (9 January 2008)
• MS preps critical Vista patch for Tuesday (4 January 2008)
• Beware of pickpockets and malware-laced banner ads (4 January 2008)
• IE's Acid trip back to conflict (24 December 2007)
• Microsoft spits out final XP service pack, beta version (19 December 2007)
• Cybercrooks lurk in shadows of big-name websites (12 December 2007)
• Three critical fixes star in Patch Tuesday update (12 December 2007)
• Media player users beware: more vulns ahead (10 December 2007)