'Critical' patches released for Windows

By Dawn Kawamoto
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Phishing hole discovered in IE
December 17, 2004; Microsoft: To secure IE, upgrade to XP
September 23, 2004

Microsoft on Tuesday released two critical patches for its Windows operating system, but a patch for the underlying security problems with Internet Explorer 6 is not yet ready for prime time.

As part of its monthly update release, the company issued three patches--one rated important and two critical. That announcement reflects a more active month than December, when the software giant issued no critical patches for the period.

"Even though we did not rate any patches critical in December, the two we have in January are not indicative of a year more of this type of situation," said Stephen Toulouse, a Microsoft security program manager.

One critical patch is designed to resolve the security issues surrounding the HTML Help ActiveX control in Windows. Security experts had warned Microsoft about this problem and were pushing the vendor to take quick action, given that an exploit for the vulnerability existed.

The patch addresses the potential problem of attackers taking complete control over an affected system, such as placing and executing programs like spyware and pornography dialers without the users' knowledge.

The second critical patch addresses vulnerabilities in systems from Windows NT servers to Windows XP involving the cursor and icon format handling. Attackers could exploit the vulnerabilities by creating a specially crafted Web page that would have malware.

"These first two patches address vulnerabilities that have proven exploits, and the third has the potential (for an exploit)," said Jimmy Kuo, a McAfee research fellow.

Microsoft also issued a third patch for Windows indexing service, with the threat level rated as important but not critical. That's because the indexing component is turned off by default, making it more difficult for an attacker to access index contents in Windows Media, for example, Toulouse said.

See more CNET content tagged:
patch management, Stephen Toulouse, patch, vulnerability, attacker

Add a Comment (Log in or register) 2 comments

Microsoft update Kb890175
by dagoe1 January 12, 2005 4:03 PM PST: I downloaded Kb890175 but it will not install??

Is anyone else having this problem, if so, what do we do to install?

I have XP with sp2.

HELP

Tks,
EJH; Reply to this comment View reply
Processing

Latest tech news headlines

Google launches Mail Goggles to save you from yourself
Posted in Webware by Rafe Needleman

October 6, 2008 11:36 PM PDT
Industrial Origami snaps up $17 million
Posted in Green Tech by Elsa Wenzel

October 6, 2008 11:26 PM PDT
Realism creeping into venture capital calculations
Posted in Webware by Rafe Needleman

October 6, 2008 11:15 PM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

Nanotech: The Circuits Blog
AMD to spin off manufacturing
Company is expected to announce a long-expected restructuring of its manufacturing operations.
Gallery
Photos: Top 10 reviews of the week
News - Apple
Report: iPhone 2.2 getting Google's Street View
New iPhone firmware beta getting Google Maps Street View, Japanese emoji picture characters, and a typing autocorrect on-off switch, MacRumors reports.
Coop's Corner
OK, so I'm a tech Pollyanna. Sue me
Perfectly understandable if you're freaked out over the prolonged tech tumble in the stock market. But it's not as if we've never seen something like this before. Remember?
Video
DIY political ads proliferate
News - Digital Media
More companies bracing investors for current quarter
Amid troubled economic climate, public companies like SAP and Netflix are retooling Wall Street's expectations before they even report results of their third quarter.
Video
Nintendo DS-i: The wait begins
News - Politics and Law
'Capitol Tweet' widget follows Congress on Twitter
The nonprofit Sunlight Foundation is offering a widget to follow the latest tweets from Capitol Hill.
Crave
Palin, Biden bots stage showdown of their own
Student-made punching bots duke it out on the Washington University campus as the vice presidential candidates ready for the big debate inside.
Gallery
Photos: Nintendo showcases new DS-i, Wii games
Crossfade
Jah Cure, 'Journey Riddem': Free MP3 of the Day
In an era overstuffed with mediocre reggae-rap, Jah Cure reminds us what a compelling hybrid it can be. Download a free MP3 of "Journey Riddem" courtesy of CNET Download Music.
Green Tech
Industrial Origami snaps up $17 million
San Francisco start-up aims to bring to market its low-waste system of fold-up sheet metal for building appliances and automobiles.