Microsoft reveals Windows security flaws

Microsoft has revealed flaws in its Windows system that could allow hackers to alter data in computers, load and run destructive…

Microsoft has revealed flaws in its Windows system that could allow hackers to alter data in computers, load and run destructive programs or reformat hard disks.

In a security bulletin, Microsoft urged Windows users to download a new version of Microsoft Virtual Machine, which is the part of Windows that runs Java-language applications.

The new version corrects eight vulnerabilities discovered by Microsoft and outside experts.

Attackers use web pages or e-mails to deliver malicious Java programs.

READ MORE

"An attacker could, in the most serious of these vulnerabilities, gain complete control of a user's system and take any action" he chooses, said Mr John Montgomery of Microsoft.

Security features in Outlook Express 6 and Outlook 2002, Microsoft's newest mail programs, are safe from the e-mail attacks by default. Outlook 98 and 2000 users are also protected if users have installed Microsoft security updates.

To gain added protection against a web page attack, users can stop their machines from running all Java applets. But in default settings, "if a user were to navigate to an infected web page, they would be vulnerable," Mr Montgomery said.

Mr Gary Bahadur, chief information officer at computer security company Foundstone, said exploiting the flaws would be work for expert hackers, not novices.

Microsoft also issued "important" patches for flaws in Windows NT, 2000 and XP that could also give attackers full control over a PC. However, these flaws are less dangerous, because an attacker would have to be able to log onto the computer to do exploit them.

AP