E-Commerce News: Security: Patch Tuesday Brings Fixes for Critical Windows Flaws

Patch Tuesday Brings Fixes for Critical Windows Flaws

By Tim Gray
TechNewsWorld
Part of the ECT News Network
04/11/07 1:32 PM PT

Microsoft on Tuesday released three fixes to "critical" security-related flaws in the Windows OS and a security update in Microsoft's Content Management Server. "These hacks are becoming more common but it really is a matter of users taking responsibility for keeping their systems updated," Laura DiDio, an analyst with the Yankee Group, told TechNewsWorld.

Rewriting the Startup Handbook
Starting up a new software company is not very hard, but making it successful requires a willingness to remake old rules to fit the Internet age. Getting venture capital or angel investor funds starts with nailing your story. [Download PDF: 5 pgs | 162k]

Microsoft (Nasdaq: MSFT) on Tuesday issued fixes for what it called four "critical" security flaws in its software, which it said could let hackers gain remote control of a user's computer.

The software giant, which defines a critical flaw as one that allows an Internet worm to replicate without user intervention, issued the updates as part of its monthly "Patch Tuesday" security bulletin.

New Removal Tool

Three of the updates plug holes in the Windows operating system -- vulnerabilities that cybercriminals could use to install malicious code on PCs. The fourth fixes a security flaw in Microsoft's Content Management Server.

Computer users that have enabled Windows' automatic updates feature can simply wait for the patches to automatically download and install themselves. Others can visit Microsoft's security Web site at to download the fixes.

Tuesday's scheduled update includes a new version of the Windows Malicious Software Removal Tool, which identifies malware, as well as several non-security items including a refinement of how Windows Mail identifies junk e-mail and grammatical fixes for certain foreign-language versions of Windows Vista.

Microsoft also released an important security update which is meant to stop hackers from taking over a computer by gaining high-level system privileges.

Breaking the Cycle

The fixes come slightly more than one week after Microsoft broke its normal once-monthly update schedule to release an emergency fix for the way many versions of Windows, including the newly-released Vista, handle animated cursor files.

Microsoft and security experts had found that hackers were exploiting the vulnerability and installing malicious software on PCs remotely.

That particular Windows vulnerability could allow attackers to hijack a PC and divert Web traffic through a malicious proxy server , according to Microsoft.

Once compromised, the computer can be commandeered by hackers to send e-mail messages linked to a malicious payload hosted on a remote Internet server and trick recipients into downloading a backdoor Trojan Horse virus.

"These hacks are becoming more common but it really is a matter of users taking responsibility for keeping their systems updated," Laura DiDio, an analyst with the Yankee Group, told TechNewsWorld.

IT managers and individual users need to keep their systems updated against these these increasing security threats, she added.

Redmond said it has been working to improve the security and reliability of its products as an increasing volume of malicious software targets weaknesses in Windows and other Microsoft programs.