Many Microsoft products are affected by the bugs

The bugs affect Windows, Internet Explorer, Word, Messenger and Exchange. If exploited the loopholes could give an attacker complete control over a compromised computer.

One flaw is found in so much of the net's software that the UK government's national computer security advisor issued its own warning about it.

Users were urged to install the patches to ensure their machine was protected.

Bad bugs

The warnings about the critical vulnerabilities were issued as part of Microsoft's April security update. As well as these most serious bugs, Microsoft warned about three others that it only considered "important" - the second highest rating.

Most of the critical bugs involve weaknesses that, if exploited, would allow attackers to run their own code remotely on a target machine.

VULNERABLE SOFTWARE Internet Explorer Windows 98, ME, XP and 2000 Windows 2000 Service Packs 3 and 4 Windows XP 64-bit edition, version 2003 and Service Pack 1 Windows XP Service Packs 1 and 2 Windows Server 2003 Office Word 2003 Works Suite 2001, 2002, 2003, 2004 Word 2002 MSN Messenger 6.2 Exchange Server 2003 Exchange Server 2003 Service Pack 1 Exchange 2000 Server Service Pack 3

Any malicious hacker who managed to do this would have complete control over the machine and could use this access to steal confidential information or use that machine as a spam forwarder or to attack other websites.

Microsoft said it was important for users to download the patches and apply them because often computer code written to exploit the loopholes quickly follows the issuing of a fix of a bug.

Users are less likely to fall victim to some of the bugs which require them to visit websites loaded with malicious code that exploits the flaws.

However, one of the flaws that Microsoft has flagged in its April update affects many of the net systems that use the IP networking protocol.

As its name implies IP, aka Internet Protocol, is integral to the way the net works.

Gerhard Eschelbeck, chief technology officer of Qualys which found the flaw, said the bug could let an attacker interfere with net traffic to mount attacks on websites by cutting people off from those sites. These are known as Source Quench attacks.

So far Microsoft, Cisco, Juniper, IBM and Red Hat have all issued advice and updates for products that tackle the bug.