Microsoft users need three security updates for Windows, company says; two of flaws get most severe threat rating

Wednesday, January 12th 2005, 8:36 am
By: News On 6

SEATTLE (AP) _ Microsoft Corp. is warning its users that they need three security updates, including one that applies even to computers that have downloaded the company's massive fix for the Windows XP operating system.

Two of the flaws, which carry the company's most severe threat rating, affect versions of the company's dominant operating system going back to Windows 98. One also affects even users who have downloaded Service Pack 2, a major security upgrade for Windows XP released last summer after a series of crippling attacks on Microsoft technology.

SP2 was never expected to solve all Microsoft's security problems, said Stephen Toulouse, a security program manager at Redmond-based company.

``We knew we were going to be providing updates for SP2,'' he said. ``The goal was always around reducing the number of critical updates.''

The third flaw, with a lesser threat rating of ``important,'' affects machines running Windows XP and Windows Server 2003.

All three, in various ways, could allow an attacker to take control of another computer.

The flaw that affects SP2 takes advantage of a problem with Internet Explorer that could allow an attacker to gain control of a computer if a user was persuaded to visit a malicious Web site.

The other severe flaw could be exploited if a user employs a specially formulated cursor or icon that secretly allowed an attacker to gain control of another person's computer.

The new security fixes, released as part of Microsoft's regular monthly security updates, come a week after Microsoft said it would begin offering a free program to remove the most dangerous infections from computers. Many users have already received that removal tool.

Last week, the company also began offering a free program to remove spyware. Spyware can monitor computer users' activities, send annoying pop-up ads and slow computer performance.

Microsoft also has confirmed plans to sell its own antivirus software, which would compete against programs from McAfee, Symantec and others.