The great American company...peddling wares to all the security agencies....and this is what they REALLY have to say about their own product
Microsoft reveals 'critical' security flaws
Thursday December 12, 5:29 pm ET
By Riva Richmond
NEW YORK (AP) -- Microsoft Corp. revealed "critical" flaws in its near-ubiquitous Windows operating system that could allow hackers to do alarming things like alter data stored in computers, load and run nefarious programs and reformat hard disks.
In a security bulletin published late Wednesday, Microsoft urged Windows users to download a new version of Microsoft Virtual Machine, which is the part of Windows that runs Java-language applications. The new version corrects eight vulnerabilities discovered by Microsoft and outside experts.
Attackers use Web pages or e-mails to deliver malicious Java programs.
"An attacker could, in the most serious of these vulnerabilities, gain complete control of a user's system and take any action" he chooses, said John Montgomery, director of the Microsoft division that is responsible for Virtual Machine.
Security features in Outlook Express 6 and Outlook 2002, Microsoft's newest mail programs, are safe from the e-mail attacks by default. Outlook 98 and 2000 users are also protected if users have installed Microsoft security updates.
To gain added protection against a Web page attack, users can stop their machines from running all Java applets. But in default settings, "if a user were to navigate to an infected Web page, they would be vulnerable," Montgomery said.
Gary Bahadur, chief information officer at computer security company Foundstone, said exploiting the flaws would be work for expert hackers, not novices. "This is not an easy attack at all," he said. "You've got to be pretty slick, pretty creative."
Also on Wednesday evening, Microsoft issued "important" patches for flaws in Windows NT, 2000 and XP that could also give attackers full control over a PC. However, these flaws are less dangerous, because an attacker would have to be able to log onto the computer to exploit them.
In a third bulletin, Microsoft revealed flaws in Windows 2000 and XP that could enable a hacker to modify a network's security policies. It labeled the issue's risk level as "moderate." XP versions running Service Pack 1 aren't vulnerable.
CC