Microsoft has issued information on five new security bulletins, in addition to the out-of-cycle zero-day vulnerability affecting Windows Animated Cursor remote code execution.

Symantec evaluates two of the most critical issues:

Symantec Security Response rates the Microsoft Agent ActiveX vulnerability to be the most critical of the security bulletins since a successful exploit could allow an attacker  to install malicious code of his/her choice and potentially allow the attacker to gain complete control of the affected system in the worst case scenario.

Microsoft also issued a patch for the vulnerability in Microsoft Client/ Server Runtime Server Subsystem (CSRSS). This remote code execution vulnerability is critical since it affects various versions of Microsoft Windows, including Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. This vulnerable component of Microsoft Windows is downloaded by default and if successfully exploited, the attacker could completely compromise the computer.

Symantec recommends the following actions for IT administrators:
- Evaluate the possible impact of these vulnerabilities to critical systems.
- Plan for required responses including patch deployment and implementation of security best practices using the appropriate security and availability solutions.
- Take proactive steps to protect the integrity of networks and information.

Symantec recommends the following actions for consumers:
- Regularly run Windows Update and install the latest security patches to keep software up to date.
- Avoid opening unknown or unexpected e-mail attachments or Web links from unknown or unverified sources.