Watch CBS News

X-SciTech

New Fixes For Windows Break-Ins

/ CBS/AP

Microsoft Corp. has released two security fixes that carry its most severe threat rating, including one that applies even to computers that have downloaded the company's massive security update for the Windows XP operating system.

Both flaws affect versions of the company's dominant operating system going back to Windows 98, and both could allow an attacker to take control of another person's computer.

One of the flaws also leaves vulnerable users who have downloaded Service Pack 2, a major security upgrade for Windows XP that was released last summer. The security fix came after a series of crippling attacks on Microsoft's technology, which have wreaked havoc on both businesses and computer users.

Stephen Toulouse, a security program manager at Redmond-based Microsoft, said Tuesday the company never expected SP2 to solve all of its security problems.

"We knew we were going to be providing updates for SP2," he said. "The goal was always around reducing the number of critical updates."

The flaw that affects SP2 takes advantage of a problem with Internet Explorer that could allow an attacker to gain control of a computer if a user was persuaded to visit a malicious Web site.

The other flaw could be exploited if a person was persuaded to use a specially formulated cursor or icon that secretly allowed an attacker to gain control of another person's computer.

Microsoft also released a third security fix Tuesday with a lesser rating of "important." That vulnerability, which also could allow another person to gain control of a user's computer, only affects users running Windows XP and Windows Server 2003.

The new security fixes, released as part of Microsoft's regular monthly security updates, come a week after Microsoft said it would begin offering a free program to remove the most dangerous infections from computers. Users who have chosen to automatically receive Microsoft security fixes would begin to receive that removal tool Tuesday, Toulouse said.

Last week the company also began offering a free program to remove spyware. Spyware can monitor computer users' activities, send annoying pop-up ads and slow computer performance.

Microsoft also has confirmed plans to sell its own antivirus software, which would compete against programs from McAfee, Symantec and others.

First published on November 18, 2004 / 10:10 AM EST

© 2004 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.