Microsoft released the usual patches for its software, including Internet Explorer, Outlook Express, Word and Kodak Image Viewer.
Out of six patches that fix nine vulnerabilities, four are deemed “critical” and two (one for Windows SharePoint and one for a vulnerability in the remote procedure call) are treated as “important.”
The critical patches concern Microsoft’s Word, Internet Explorer, Kodak Image Viewer and Windows Mail/Outlook.
According to the company’s security bulletin, a vulnerability in the way Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted image files could allow remote execution of malicious code. The same could happen with Outlook Express and Windows Mail, which have a bug in the handling of a malformed NNTP response, giving a malevolent person the opportunity to take control of a user’s machine by crafting a bogus Web page and luring the user to it.
According to Terry McCoy, Program Manager, Internet Explorer Security, the updates for Internet Explorer “address 1 remote code execution and 3 spoofing vulnerabilities. This bulletin also includes killbits for some vulnerable ActiveX controls.”
The updates are rated “Critical” for IE 5.01, IE6 Service Pack 1 on Windows 2000, IE6 on Windows XP, IE7 on Windows XP SP2 and IE7 in Windows Vista; “Moderate” for IE6 on Windows Server 2003 and IE7 on Windows Server 2003.
The critical update for a privately reported Word hole addresses a vulnerability that could allow remote code execution if a user opens a specially crafted Word file with a malformed string.
Security specialists, though, consider the fix for the RPC (remote procedure call) vulnerability to be the most important update.
© 2007 - 2008 - eFluxMedia