Oracle's patch overshadows Microsoft's light fix
Published: 2009-01-13

Database maker Oracle released fixes for 41 flaws across its products on Tuesday, eclipsing the single patch released by Microsoft to fix three flaws.

Oracle's update patched its 11g, 10g, and 9i databases — as well as its WebLogic Server — including fixes for five critical issues, according to the company's advisory. Microsoft's single patch closed one publicly disclosed and two privately disclosed holes in the way the company's Windows operating system handles the Server Message Block (SMB) protocol. Microsoft considers the patch critical for users of Windows 2000, Windows XP and Windows Server 2003, the company stated in its bulletin.

"In a worst case scenario an anonymous attacker who successfully exploited these vulnerabilities could remotely gain complete control over a vulnerable system, without any action on the side of the user," Dave Marcus, security research and communications director at McAfee Avert Labs, said in a statement sent to SecurityFocus. "In the past, these types of vulnerabilities have been exploited in worm attacks."

Security firm Symantec, the owner of SecurityFocus, estimated that ten of the flaws patched by Oracle could be remotely exploited.

"Patches for Oracle Times Ten Data Server and Oracle Secure Backup should be applied immediately by all customers," Alfred Huger, vice president of Symantec Security Response, said in a statement.

Even though Microsoft rated its bulletin Critical, the company assigned an exploitability index of "3 - Functioning Exploit Code Unlikely" to the issues. "Most attempts to exploit this vulnerability would result in a system denial of service condition, however remote code execution is theoretically possible," the company stated in its bulletin.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus