Microsoft patches Windows, offers malware removal tool

IDG News Service - Microsoft Corp.today offered patches for several serious Windows security holes and released a new tool that lets users remove malicious software from their PCs.

In addition, Microsoft said it now has a formal closed beta-test program for testing security updates. Through the new Security Update Validation Program, select customers and partners representing many backgrounds will get access to security updates to test for application compatibility, Microsoft said in a statement.

Microsoft has always tested its security updates before releasing them publicly. However, the company established this beta program over the past year to provide broader testing in more real-world scenarios, a spokeswoman said.

On its first "patch Tuesday" in 2005, Microsoft published three Security Bulletins, all related to Windows. Two of the bulletins are rated "critical," Microsoft's highest severity rating, while the other is "important," one notch lower on the vendor's scale.

In Microsoft's rating system for security issues, vulnerabilities that could allow a malicious Internet worm to spread without any action on the part of the user are rated critical. Issues that require a user action to spread a worm, but could still expose user data or threaten system resources, are rated important.

The first critical vulnerability lies in the Windows HTML Help system, which has been the subject of security flaws in the past. The latest flaw was reported last month and has been exploited to attack users, according to Microsoft. It can allow an attacker to take control of a victim's system through a malicious Web site or an e-mail message.

The Windows HTML Help system is designed to help PC users by providing graphics, multimedia elements and hyperlinks to additional information. The vulnerability puts systems running Windows XP, Windows Server 2003 and Windows 2000 at risk; Windows NT Server 4.0 is not affected, Microsoft said in Security Bulletin MS05-001.


MS05-002, the second critical Security Bulletin of the year, details two flaws in the way Windows handles cursor, animated cursor and icon formats. One flaw is so serious that it could give an attacker complete control of a user's system, while the other flaw could be exploited to crash Windows systems, a denial-of-service attack, Microsoft said.

The cursor and icon format handling affects Windows NT Server 4.0, Windows 2000, Windows XP and Windows Server 2003. Systems with Windows XP Service Pack 2 (SP2) are not exposed as a result of this issue, according to Microsoft.

Deemed "important" by Microsoft is a flaw in the Windows Indexing Service that affects Windows 2000, Windows XP with SP1, Windows Server

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.