Microsoft released five patches on Tuesday to close six security holes in Windows software, including a critical vulnerability in the Windows client/server runtime subsystem (CSRSS) handles error messages, and two other flaws in the company's Content Management Server software.

The regularly monthly patch day, known among system administrators and security researchers as Patch Tuesday, came a week after the software giant had released an emergency fix to close seven security holes, including the critical animated-cursor vulnerability. Attackers that appear to be from China and Eastern Europe have attempted to use the vulnerability to take control of end users' systems.

The flaw in the Windows client/server runtime subsystem (CSRSS) is the most critical, allowing remote exploitation of the vulnerability for all versions of Windows, including Microsoft's Windows Vista. Another flaw in Windows XP's handling of Universal Plug-and-Play exceptions is rated critical for that platform but not Windows Vista.

Microsoft also released a new version of its malicious code removal tool and six non-security updates for various patching systems, the software giant stated in its security bulletin.