August 20, 2003, 5:26 PM PT

Microsoft alerted PC users to three critical security flaws in Internet Explorer and Windows on Wednesday, as the MSBlast worm and its variants used a previous vulnerability in Windows to spread across the Net for a second week.

The software giant released a cumulative patch for Internet Explorer that fixes several vulnerabilities previously disclosed by the company, and it re-released an advisory for Microsoft's SQL Server software, warning that a flaw in that program actually affects most Windows users.

Users who don't patch their systems could leave the computers open to attack through a fake Web page or an HTML e-mail that contains the specific exploit code, said Stephen Toulouse, security program manager for Microsoft's security response center.

"The Internet Explorer bulletin is rated as 'critical' across all platforms except Windows 2003," Toulouse said. A critical rating is the highest grade that Microsoft assigns to its alerts. The flaws were rated 'moderate'--the second-lowest grade--for Windows 2003, the latest version of the operating system.

http://news.com.com/2100-1002_3-5066511.ht...html?tag=fd_top

Man, this has been a busy two weeks for Windows flaws, exploits and viruses. Kept me in business

Just patched, thanks for the reminder. Anyone still up should do this tonight. My guess is the servers will be all clogged up tomorrow.

Security firm: IE patch does not work

DOH!