Microsoft has fixed 26 vulnerabilities in 13 security bulletins as part of its Patch Tuesday, including critical ones for Windows that could be exploited to take control of a computer and one that has resided in the 32-bit Windows kernel since its release 17 years ago.

The top priorities for deployment are bulletins plugging holes in the SMB (Server Message Block) Protocol, Windows Shell Handler, ActiveX via Internet Explorer, DirectShow and the 32-bit version of Windows, Jerry Bryant, a lead senior security communications manager at Microsoft, wrote in a blog post.

The DirectShow bulletin should be at the top of the list, according to Bryant. It is critical for all supported versions of Windows except Itanium-based server products. To exploit the hole, an attacker could host a malicious AVI (Audio Video Interleave) file on a website, and lure a user to visit the site or send the file via email so the user could open it.

Source: ZDNet