Important vs. Critical
Many of the other patches fix problems that could give a remote attacker control of the computer, Randy Abrams, director of technical education at ESET, told TechNewsWorld. "They are very serious vulnerabilities."
Microsoft users should download all of the patches no matter how they are rated by Microsoft, he advised.
"Generally, an 'important' rating on a Microsoft bulletin means that the vulnerability won't exploit itself -- a user has to interact in the manner they normally would," he said. "There are some exceptions, but in most cases important updates should be treated as critical updates. Typically, the difference is in Microsoft PR and not in a significant real-world impact."
Some of the vulnerabilities were zero-day exploits, noted Gary Morse, president of Razorpoint Security Technologies. "Usually a vulnerability will get announced, and by the time the exploit code starts making the rounds, a fix is also available,"
"Zero-day exploits leave customers particularly vulnerable because there are no official patches yet available from the manufacturer," he added.