Microsoft warned that a successful exploit of the DHCP holes could allow an attacker to take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
A separate advisory, MS04-043, was released to fix a buffer overrun found in the Windows HyperTerminal utility. Affected software includes Windows NT Server 4.0, Windows 2000, Windows XP (SP1 and SP2) and Windows Server 2003.
The company warned that an attacker could construct a malicious HyperTerminal session file to launch code on a vulnerable system. "This vulnerability could attempt to be exploited through a malicious Telnet URL if HyperTerminal has been set as the default Telnet client. An attacker who successfully exploited this vulnerability could take complete control of an affected system," according to the advisory.
The fifth "important" advisory for December, MS04-044, corrects issues in the Windows Kernel and LSASS that could allow privilege elevation attacks. Microsoft said a successful exploit could put users at risk of having programs installed or data viewed, deleted or changed.
The company also reissued the MS04-028 advisory, which affected the JPEG parsing (GDI+) subsystem in Microsoft Windows, Office, graphics applications and developer applications.
The reissue addresses newly available updates for Microsoft Visual FoxPro 8.0 and the Windows .NET Framework 1.0 and 1.1 without Service Pack 1.
Two of the five December bulletins apply to Windows XP Service Pack 2, but the severity rating is reduced to "moderate" for those customers.