Microsoft ends 2005 with 'critical' patch
Last batch of scheduled software fixes for 2005
Iain Thomson, vnunet.com 14 Dec 2005
Microsoft has released its last batch of scheduled software bug fixes for the year, including one rated 'critical' and one rated 'important'.
The 'critical' patch fixes four vulnerabilities in Internet Explorer, some of which are already being exploited with Trojan malware.
Users had been expecting a patch earlier, since one of the vulnerabilities was reported to the company in June.
The 'important' patch fixes a flaw in the Windows kernel that could allow any code executed on a Windows NT 4.0 or Windows 2000 system to elevate itself to the highest possible local privilege level.
This means that, once the flaw is exploited, the attacker could obtain full admin rights to the PC, even if the user does not have such rights.
Microsoft also announced a change to the way it emails customers, designed to thwart attempts by virus writers to send emails masquerading as security updates.
"Starting in 2006, Microsoft will begin signing all security communications sent in email using industry standard Secure Multipurpose Internet Mail Extensions [S/MIME]," the company said in a statement.
"This change will allow for easier customer verification that email coming from Microsoft regarding security is actually coming from Microsoft.
"S/MIME is supported by default on Outlook Express, Microsoft Outlook, and many third-party email programs."
© 2005 Incisive Media Investments Ltd