Ted Bridis
AP Technology Writer
Wednesday, March 19, 2003; 3:35 PM
Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.
Microsoft assessed the problem's urgency as critical, its highest level, and urged customers to download a free repairing patch immediately from its Web site, www.microsoft.com/security.
The company said it was unaware of any reports that hackers already had used the technique to break into computers, but the time between disclosure of a new flaw and such break-ins has become increasingly short.
Russ Cooper, a security expert for TruSecure Corp., based in Herndon, Va., predicted that antivirus software will be updated to protect users who might receive infected e-mails and that Web sites with infected pages would be shut down quickly once they are detected.
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message. It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.
There was some good news. Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
Older versions of Outlook would also be safe if customers had manually applied another security patch, which Microsoft released in 2000 after the spread of the damaging "ILOVEYOU" virus.
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.
AP Technology Writer
Wednesday, March 19, 2003; 3:35 PM
Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.
Microsoft assessed the problem's urgency as critical, its highest level, and urged customers to download a free repairing patch immediately from its Web site, www.microsoft.com/security.
The company said it was unaware of any reports that hackers already had used the technique to break into computers, but the time between disclosure of a new flaw and such break-ins has become increasingly short.
Russ Cooper, a security expert for TruSecure Corp., based in Herndon, Va., predicted that antivirus software will be updated to protect users who might receive infected e-mails and that Web sites with infected pages would be shut down quickly once they are detected.
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message. It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.
There was some good news. Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
Older versions of Outlook would also be safe if customers had manually applied another security patch, which Microsoft released in 2000 after the spread of the damaging "ILOVEYOU" virus.
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.