January 11, 2005 3:21 PM PST

'Critical' patches released for Windows

Related Stories

Phishing hole discovered in IE

December 17, 2004

Microsoft: To secure IE, upgrade to XP

September 23, 2004
Microsoft on Tuesday released two critical patches for its Windows operating system, but a patch for the underlying security problems with Internet Explorer 6 is not yet ready for prime time.

As part of its monthly update release, the company issued three patches--one rated important and two critical. That announcement reflects a more active month than December, when the software giant issued no critical patches for the period.

"Even though we did not rate any patches critical in December, the two we have in January are not indicative of a year more of this type of situation," said Stephen Toulouse, a Microsoft security program manager.

One critical patch is designed to resolve the security issues surrounding the HTML Help ActiveX control in Windows. Security experts had warned Microsoft about this problem and were pushing the vendor to take quick action, given that an exploit for the vulnerability existed.

The patch addresses the potential problem of attackers taking complete control over an affected system, such as placing and executing programs like spyware and pornography dialers without the users' knowledge.

The second critical patch addresses vulnerabilities in systems from Windows NT servers to Windows XP involving the cursor and icon format handling. Attackers could exploit the vulnerabilities by creating a specially crafted Web page that would have malware.

"These first two patches address vulnerabilities that have proven exploits, and the third has the potential (for an exploit)," said Jimmy Kuo, a McAfee research fellow.

Microsoft also issued a third patch for Windows indexing service, with the threat level rated as important but not critical. That's because the indexing component is turned off by default, making it more difficult for an attacker to access index contents in Windows Media, for example, Toulouse said.

2 comments

Join the conversation!
Add your comment (Log in or register)
Microsoft update Kb890175
I downloaded Kb890175 but it will not install??

Is anyone else having this problem, if so, what do we do to install?

I have XP with sp2.

HELP

Tks,
EJH
Posted by dagoe1 (1 comment )
Reply Link Flag
it will not install
<a class="jive-link-external" href="http://www.analogstereo.com/isuzu_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/isuzu_owners_manual.htm</a>
Posted by Al Johnsons (157 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

Inside CNET News

1-2 of 10

Scroll Left Scroll Right

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

Markets

Market news, charts, SEC filings, and more

Related quotes

Microsoft (0.28%) 0.08 30.58
Dow Jones Industrials (0.57%) 72.81 12,874.04
S&P 500 (0.68%) 9.13 1,351.77
NASDAQ (0.95%) 27.51 2,931.39
CNET TECH (0.84%) 17.13 2,049.14
  Symbol Lookup