Microsoft issues four security updates
Microsoft released four software patches on Tuesday to fix security flaws, including one that could allow hackers to take over computers running the company’s instant messaging programs.
Only one of the flaws carried the company’s most severe “critical” rating, and it only applies to the Windows 2000 operating system.
To be affected, users would have to visit a website and install a program that could then run malicious code on their computers, said Mark Griesi, a security programme manager at the Redmond-based software maker.
The other security vulnerabilities—including the one affecting MSN Messenger and Windows Live Messenger—were assigned the second-highest “important” rating.
The IM flaw would allow hackers to run malicious code on computers if users click on an instant message link inviting them to check out a video.
“If the victim accepts that invitation, that’s when this vulnerability kicks in,” said Amol Sarwate, manager of the vulnerability research lab at the security company Qualys.
Hackers are beginning to target instant messaging programs because it is getting harder to trick people into clicking on links sent in emails, analysts say.
And not all PC security programs cover instant messaging programs, said Andrew Storms, director of security operations at nCircle, a vulnerability management company.
Two other patches released on Tuesday as part of Microsoft’s regular monthly security updates affect programs used by software developers and administrators of corporate computer systems.
Microsoft recommends that all users set up their computers to receive the updates automatically.—Sapa-AP. .