eWeek Microsoft Watch
April 13, 2004 3:55 PM

Microsoft Patches More Windows Holes



It's security bulletin release Tuesday for Microsoft. The company issued four new security bulletins, all of which pertain to Windows vulnerabilities. Three of the new patches are rated "critical," and the other, "important."

In the worst case, the new vulnerabilities could allow attackers to take control of users' systems by installing programs; viewing, changing or deleting data; or creating new accounts with full privileges, Microsoft warned.

Bulletin MS04-011 pertains to a remote-code-execution vulnerability in all versions of Windows ranging from NT 4.0 to Windows XP and Windows Server 2003.

Bulletin MS04-012, a cumulative update for Microsoft's remote procedure call/distributed component object model (RPC/DCOM) technologies, also applies to all versions of Windows ranging from NT 4.0 to Windows XP and Windows Server 2003.

The third critical bulletin, Bulletin MS04-013, is a cumulative update for Outlook Express 5.5 and 6.0. As Outlook Express is part of many older versions of Windows, as well as current ones, Microsoft is recommending users of all Windows variants, starting with Windows 98, download and apply this update — even if Outlook Express is not the default e-mail reader on the system.

The fourth bulletin, labeled "important," is MS04-014, and pertains to a vulnerability in Microsoft's Jet database engine 4.0. Microsoft is recommending that users running versions of Windows from Windows 98 to the current Windows XP and Windows Server 2003 apply the patch in order to head off possible buffer-overrun problems that could allow remote code execution on users' systems.


On Tuesday, Microsoft also re-released several existing security bulletins (MS00-082, MS01-041, MS02-011 and MS03-046) to reflect update availability for Exchange 5.0.

All recent updates are available for download at http://www.microsoft.com/security/. Microsoft is on a monthly security-update schedule, releasing its latest security updates on the second Tuesday of each month.


Two security firms, iDefense and eEye Digital Security, both were quick to note that they helped Microsoft uncover the latest vulnerabilities.



iDefense is taking credit for discovering the remote-execution vulnerability patched in Bulletin MS04-011. The company alerted Microsoft, tested the patch and coordinated public disclosure with Microsoft, iDefense officials said. The security intelligence firm also gave its own banking and government agency clients a functioning work-around three months ago, according to the company.


iDefense said this latest vulnerability could have impacted Microsoft's own Help and Support Center feature that is built into Windows.


eEye, which makes network security products, announced that its security scanner product can detect six related Windows vulnerabilities. The company says its research team discovered, back in September 2003, two of the same vulnerabilities that Microsoft patched today.

Ziff Davis Enterprise