As expect, Microsoft on Tuesday issued fixes for three new critical security flaws in its products, and warned customers that they should install the patches immediately because each of the flaws could be easily exploited. The flaws are found in various Windows and Internet Explorer versions, and in Microsoft Word, the word processing application that is part of Microsoft Office.
"The key thing is really that we want to make people understand the risk with these flaws and that they enable Automatic Updates (AU)," says Stephen Toulouse, a product manager in Microsoft's Security Response Center. Windows users who have enabled AU automatically received the fixes for these flaws yesterday.
One of the flaws is found in the color management technology in Windows, which is related to viewing digital images and can be used by various applications. Hackers seeking to take control of a Windows machine could create a specially formatted file that appears to be an image file; when launched, the file would run arbitrary code on the unsuspecting user's machine. The IE flaw was previously announced and involves Microsoft's Java virtual machine (JVM) technology. The Word flaw, which occurs in Word XP and 2003, is similar to the Windows flaws, but involves a specially formatted Word document.
For more information, please visit the Microsoft Security Center.
http://www.microsoft.com/security
