by Elizabeth Millard, cio-today.com
Microsoft's monthly patch release comes with warnings on this go-round. The company has noted that three of the flaws being fixed already are being exploited by malicious hackers.
The vulnerabilities are in Windows and Office programs, and have garnered the company's highest security rating of "critical."
Microsoft has urged users to patch their systems as quickly as possible, and also to update to the latest version of Windows XP, which offers more advanced security technology in its Service Pack 2.
One of the reported flaws affects the Microsoft Color Management Module, a part of Windows that handles colors. Another is related to the JView Profiler, a component of the company's Java Virtual Machine.
Both vulnerabilities could be used to take control of a PC remotely, Microsoft has noted. Some security firms have seen attackers using the JView flaw to download and install Trojans on users' machines.
Also updated this month is the Windows Malicious Software Removal tool, which now removes variants of several viruses, including Wootbot, Optix, Optixpro, Pacty and Prustiu.
The inclusion of patches for flaws that are being exploited actively is not a new phenomenon, especially for Microsoft and its monthly patch update, security experts have noted.
"Many times, patches are developed specifically because vulnerabilities are being exploited, or have the potential to be," said Thomas Kristensen, chief technology officer at security firm Secunia.
"The only difference with those is that they tend to speed up the patching cycle," he added.
In releasing the patch round, Microsoft has emphasized a fresh focus on security.
At Microsoft's Worldwide Partner Conference on July 10, security chief Mike Nash noted that there has been progress made in several security areas since 2003, when Steve Ballmer made a new commitment to address security.
Nash unveiled enhancements to the Microsoft Partner Program Security Solutions Competency, an initiative designed to support a broader set of security services partnerships.
Although Nash detailed additional technology investment and prescriptive guidance in the security field, he acknowledged that there is more work to be done.
Copyright 2005 NewsFactor Network, Inc.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at. Hundreds of new articles daily. *** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, NewsFactor Network.
For more information go to:[TELECOM Digest Editor's Note: One of the reasons these patches are occuring with increasing regularity is because the principal organization which _could_ bring it all to a quick halt (ICANN) has no real concern. In fact, I strongly suspect that in their corruption, ICANN encourages spam and scam. The reason for that is, that ICANN is _not_ interested in small computer site operators like most of you or myself. The quicker Vint Cerf and his cronies at ICANN can _drive us away_ -- make the net essentially unusable for the rest of us -- the quicker they can make it available for the exclusive use of businesses, etc. And Vint Cerf of course means MCI, one -- if not the biggest -- polluter of the net. PAT]