Microsoft has released three updates that address critical flaws detected in the Windows operating system and in the Word text editor. Corrections are part of the update monthly, scheduled for the second Tuesday of each month, but the company warns that the system update is urgent because they are already known exploits for these vulnerabilities.
According to data from Microsoft, these security breaches allow a hacker take full control of the system and use it to launch other attacks, affecting the Windows XP and 2000 and Windows Server 2003 operating systems, as well as the versions of Word integrated into Office 2000, but not those of Office 2003, in addition to the text included in the Works 2000 package until 2004.
In the case of the Word vulnerability, the flaw allows remote code execution and the company advises users to use Office Update to install the fix.
In Windows the flaws affect the component of the operating system that manages the use of color, the Microsoft Color Management Module, and the JView Profiler of Microsoft’s Virtual Java Machine. By exploiting these vulnerabilities, an attacker could take control of the PC and download and install Trojan horses, which will then allow you to use these computers to launch attacks on other networks.
«We want people to understand the risk of these failures and automatically update the software«said Stephen Toulouse of the Microsoft Security Response Center, speaking to Reuters.
2005-07-04 – Microsoft admits new security flaw in Internet Explorer
2005-06-15 – Microsoft fixes three critical flaws in the June security bulletin
2005-06-07 – Microsoft advances with new automatic update tools