by Elizabeth Millard, cio-today.com
Microsoft's monthly patch release comes with warnings on this go-round. The company has noted that three of the flaws being fixed are already being exploited by malicious hackers.
The vulnerabilities are in Windows and Office programs, and have garnered the company's highest security rating of "critical."
Microsoft has urged users to patch their systems as quickly as possible, and also to update to the latest version of Windows XP, which offers more advanced security technology in its Service Pack 2.
Fixer Upper
One of the reported flaws affects the Microsoft Color Management Module, a part of Windows that handles colors. Another is related to the JView Profiler, a component of the company's Java Virtual Machine.
Both vulnerabilities could be used to take control of a PC remotely, Microsoft has noted. Some security firms have seen attackers using the JView flaw to download and install Trojans on users' machines.
Also updated this month is the Windows Malicious Software Removal Tool, which now removes variants of several viruses, including Wootbot, Optix, Optixpro, Pacty and Prustiu.
Patch Cycle
The inclusion of patches for flaws that are being actively exploited is not a new phenomenon, especially for Microsoft and its monthly patch update, security experts have noted.
"Many times, patches are developed specifically because vulnerabilities are being exploited, or have the potential to be," said Thomas Kristensen, chief technology officer at security firm Secunia.
"The only difference with those is that they tend to speed up the patching cycle," he added.
Security Minded
In releasing the patch round, Microsoft has emphasized a fresh focus on security.
At Microsoft's Worldwide Partner Conference on July 10, security chief Mike Nash noted that there has been progress made in several security areas since 2003, when Steve Ballmer made a new commitment to address security.
Nash unveiled enhancements to the Microsoft Partner Program Security Solutions Competency, an initiative designed to support a broader set of security services partnerships.
Although Nash detailed additional technology investment and prescriptive guidance in the security field, he acknowledged that there is more work to be done.
Copyright 2005 NewsFactor Network, Inc.