Microsoft patches 'critical' hole

updated 11:09 a.m. ET Nov. 14, 2007

SEATTLE - Microsoft Corp. issued two security fixes in a regular monthly update Tuesday, including one that removes a dangerous bug in all versions of Windows XP and Windows Server 2003.

Microsoft gave the serious security fix its most urgent "critical" rating. Hackers could exploit a vulnerability using Internet Explorer 7, and possibly other programs, and take over a user's computer for a variety of nefarious purposes, such as stealing passwords or pumping out spam.

(Msnbc.com is a Microsoft-NBC Universal joint venture.)

The security hole "is concerning as it's a publicly known issue that puts computer users at risk," said Ben Greenbaum, a senior research manager on antivirus software maker Symantec Corp.'s security response team.

The other fix, which Microsoft gave the second-highest "important" rating, is for computers running versions of Windows 2000 Server and Windows Server 2003. Hackers could exploit the flaw in Microsoft's program to redirect Internet traffic from legitimate sites to fake ones.

Windows users can visit Microsoft's security Web site to get the updates or configure their computers to automatically update each month.

MORE FROM SECURITY

Security Section Front

T-Mobile sued over 'mandatory' text fees Web site design flaws make banking riskier Facebook redesign to weed out toxic spam The end of human customer service? EU warns against buying ring tones online Engineer accused of network tampering Man gets prison time for spamming AOL FCC chief says Comcast violated Internet rules Lawmakers to probe 'adware' practices Red Tape: Thwarting thieves with ... magic? Security Section Front   Add Security headlines to your news reader: