Microsoft 's last Security Update of the year issued patches for critical security holes in three Microsoft products, but nowhere to be seen was a patch for the latest Word vulnerability.

Released yesterday, the latest Microsoft Security Update features patches for security holes in Visual Studio 2005, Internet Explorer and Windows Media Player. In total, seven patches for 11 bugs are included in the update.

The Update did not include patches for the critical Word vulnerabilities that have become known recently.

The Internet Explorer update concerns versions 5.01 and 6, and patches four different vulnerabilities.

The Visual Studio problem affects the WMI Object Broker function and can lead to malicious code infecting the computer so that an unauthorised user can take over control of the computer.

Besides the critical problems, Microsoft also issued patches for other vulnerabilities in Outlook Express, Remote Installation Service, and Windows.

'Very limited, targeted attacks', says Microsoft

On its blog, Microsoft confirms the vulnerabilities, and that malicious code taking advantages of these security holes exists. The software giant is keen to stress that it involves 'very limited, targeted attacks'.

"When we talk about "very limited, targeted attacks" we specifically mean this in contrast to attacks that affect a broad number of customers randomly. Unlike these broad, random attacks, these very limited, targeted attacks are carried out against a very small number of customers (sometimes only one or two even) and are carried out in a very deliberate fashion against a specific organisation or organisations," writes Christopher Budd on the Microsoft Security Response Center blog .

The Security Updates can be downloaded via Windows Update, Microsoft Update, Windows Server Update Services and Download Center.

The next instalment of Microsoft's Security Update is due on 9 January, 2007. Anna Lagerkvist