'Critical' Windows fix rushed out

As expected, Microsoft has issued a patch two weeks early to plug a security hole that has been exploited by cybercriminals

Microsoft issued a "critical" security fix for Windows on Tuesday, two weeks before its scheduled release date.

The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs via Internet Explorer. Malicious software can be loaded, without the user's knowledge, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an email message.

"An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML email that could potentially allow remote code execution if a user visited the Web page or viewed the message," Microsoft said in security bulletin MS06-055. Email messages that use HTML, or HyperText Markup Language, look like a Web page.

The vulnerability does not apply to IE 7, the upcoming version of IE that is available right now in a pre-release form, Microsoft said.

Microsoft typically releases fixes on each second Tuesday of the month, which has become known as Patch Tuesday. The last time the software maker rushed out a fix was in January, when another image-related flaw in IE was being used to compromise Windows PCs through malicious Web sites.

View: Full Article @ ZDNet
