Official warning on Windows bugs

In particular it warned about one bug fixed in the latest batch of security updates that, if exploited, could put a PC under the control of an attacker.
Microsoft's recent update fixed 23 flaws found in Windows software.
Many of these bugs are known to malicious hackers and some are already actively exploited on the net.
Fast fix
Microsoft typically issues security updates for Windows and its associated programs on the second Tuesday of every month. In the August update, seven of the fixes were rated as "critical" - the highest rating.
The DHS was most concerned about the flaw identified in the MS06-040 security report. This identified a problem with the Windows server service that allows attackers to take over machines without users doing anything to help.
A worm written to exploit this bug "could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights," said the DHS in a statement. As well as overseeing efforts to combat terrorism the DHS also has a role in cybersecurity.
It said it expected the bug to be exploited within 24 hours of its existence becoming known.
Microsoft reported via its security blog that it had already seen a "limited" attack using this bug. It also said that there had been more than 100 million downloads of the MS06-040 fix since it was made available.
The server service bug is found in Windows 2000, XP and Windows Server 2003.
The vulnerabilities fixed by other patches are found in a variety of Windows programs including the Office software suite and the Internet Explorer browser.
One bug being patched is found in Microsoft's PowerPoint presentation software and an exploit code is known to be circulating online. Security experts said 11 other flaws were known to malicious hacking groups.
Users can get hold of the fixes via the Windows Update site or by using the update tool on Windows.

data source BBC®