Microsoft has released new critical security patches for Internet Explorer and Outlook, the fourteenth and fifteenth patches released for its products this year.

The first is a cumulative fix for a series of problems with IE 5.01 and above. This addresses a serious buffer overrun problem, as well file upload protocols and third-party file rendering. The patch is available here.

The second patch is for Outlook versions 5.5 and 6.0, and fixes a flaw that potentially allows hackers to install files on a PC.

A problem in the MHTML URL handler in Windows makes a PC vulnerable if a suitable URL is constructed.

This can be a threat even if the user does not use Outlook as the primary email client, because elements of Outlook control how the PC deals with web addresses. The patch is available here.

It is now nearly 18 months since Bill Gates's memo to staff which signalled a new focus on security in Microsoft applications.