June 20, 2005
(IDG News Service)
Microsoft last week released 10 software patches, including three rated "critical," in an attempt to plug security holes in a variety of its products.
The critical fixes issued as part of the software vendor's monthly patch update include one for a flaw in Internet Explorer that could allow attackers to use Web pages containing malicious code stored as Portable Network Graphics files to gain control of systems. Microsoft said it also found similarly dangerous bugs in the Windows HTML Help system and its Server Message Block file-sharing protocol.
Though it merited only a "moderate" severity rating, a bug in the company's Microsoft Agent user-interface technology is potentially serious because it could let attackers gain control over pop-up messages and trick users into downloading malicious code, said Russ Cooper, senior scientist at IT security vendor Cybertrust Inc. in Herndon, Va.
Stephen Toulouse, security program manager at Microsoft's Security Response Center, said the vulnerability was rated moderate because Agent isn't always automatically enabled and because the flaw doesn't directly allow attackers to control systems.