BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Microsoft releases critical patches for XP

Tags:
XP,
Microsoft

Dawn Kawamoto CNET News

Published: 12 Jan 2005 08:30 GMT

Microsoft on Tuesday released two critical patches for its Windows operating system, but a patch for underlying security problems in Internet Explorer 6 is not yet ready for prime time.

As part of its monthly update release, the company issued three patches -- one rated important and two critical. That announcement reflects a more active month than December, when the software giant issued no critical patches for the period.

"Even though we did not rate any patches critical in December, the two we have in January are not indicative of a year more of this type of situation," said Stephen Toulouse, a Microsoft security programme manager.

One critical patch is designed to resolve the security issues surrounding the HTML Help ActiveX control in Windows. Security experts had warned Microsoft about this problem and were pushing the vendor to take quick action, given that an exploit for the vulnerability existed.

The patch addresses the potential problem of attackers taking complete control over an affected system, such as placing and executing programs like spyware and pornography diallers without the users' knowledge.

The second critical patch addresses vulnerabilities in systems from Windows NT servers to Windows XP involving the cursor and icon format handling. Attackers could exploit the vulnerabilities by creating a specially crafted Web page that would have malware.

"These first two patches address vulnerabilities that have proven exploits, and the third has the potential [for an exploit]," said Jimmy Kuo, a McAfee research fellow.

Microsoft also issued a third patch for Windows indexing service, with the threat level rated as important but not critical. That's because the indexing component is turned off by default, making it more difficult for an attacker to access index contents in Windows Media, for example, Toulouse said.

The patches are available from Microsoft's Web site or through its Windows Update service.

Did you find this article useful?
61 out of 101 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Microsoft

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner