The flaws were detailed in four security bulletins, which urged users to download software patches from Microsoft's Web site.
The flaws in most versions of Microsoft Windows occur in the help function and could allow attackers to gain control of the user's system. Microsoft reported other flaws, which range from moderate to critical severity, in some versions of Microsoft Windows, SQL Server and other software programs.
On another security front, the National Infrastructure Protection Center alerted computers users Thursday to a worm, called the "W32.Bugbear or I-Worm.Tanatos." The worm is sent as an e-mail attachment and "appears to target machines running Microsoft software."
Some subject lines for the e-mail are "bad news," "Membership Confirmation," "Market Update Report," and "Your Gift." The worm has infected more than 22,000 systems since Wednesday, the agency reported, and can give attackers access to victims' personal information and passwords. The agency urged computer users to download a patch issued by Microsoft last year, Microsoft Security Bulletin MS01-027.
The latest bulletins came a day after Microsoft Chief Executive Steve Ballmer sent an e-mail to customers reiterating the company's commitment to improving the security and reliability of its software.
Ballmer noted that customers who report problems through an error reporting system built into Office, Windows and other major software products have helped the company learn more about flaws that cause user errors. He said 1 percent of software bugs cause half of all errors.
The e-mail was to update Microsoft customers on the company's Trustworthy Computing initiative, which Chairman Bill Gates announced in January. The initiative pegged security and privacy as top priorities for the software company.
Microsoft has issued 57 security bulletins so far this year.
Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
