Windows Critical Flaw admitted by Microsoft

From BBC website. I am not sure but it seems to be new flaw.

Microsoft has warned that a "critical" flaw in the latest versions of its Windows operating system could allow hackers to access a person's computer.

In its monthly security bulletin, the world's largest software maker said Windows versions NT, 2000, XP and Server 2003 were affected.

Giving the problem its highest security rating of "critical", Microsoft has called on users to download a software repairing patch free from its website.

This is said to cure the problem.

The flaw is also said to be completely unconnected with the latest clutch of computer viruses currently causing problems around the world.

'Serious vulnerability'

It could however allow hackers to quietly break into someone's computer to steal files, delete data, or eavesdrop on what that user is doing.

Marc Maiffret of eEye Digital Security, the US company that discovered the Windows flaw, said it was a major issue.

"This is one of the most serious Microsoft vulnerabilities ever released," said Mr Maiffret.

"The breadth of systems affected is probably the largest ever."

He added: "This is something that will let you get into internet servers, internal networks, pretty much any system."

Keynote speaker

Microsoft security executive Stephen Toulouse urged users to download the free upgrades.

He said the problem software was "an extremely deep and pervasive technology in Windows".

Craig Schmugar, a virus research manager at US computer firm Network Associations, recommended that people install the patches "as soon as possible".

Microsoft's disclosure comes just weeks before chairman Bill Gates is to deliver a keynote speech at a key computer security conference in San Francisco.

5 Comments

  • Paschal,



    For someone who has criticized what others post on the main feed, I would think that you would realize that nearly everyone on the main feed probably has other means of finding out about Windows flaws. It would be great if you would refrain from clogging up the main feed with posts like this.



  • " It would be great if you would refrain from clogging up the main feed with posts like this. "

    erm... and you think the world is more interested in some of the MS blogs about offtopic stuff (definitely not .NET related material) posted on the mainfeed than this critical flaw which should be patched by everyone NOW ? :) I don't think so.

  • Frans,



    You seem to be completely missing my point, which is that there are more appropriate places for notices such as this. Anyone who runs Windows Update regularly or has automatic updates enabled (which I do) would get this patch in a timely fashion. Paschal's notice is, IMO, redundant for this audience.



    What's next? Should we all post warnings about the next variant of MyDoom to the main feed? Talk about chaos!



    It's not Paschal's job to notify us of critical flaws, and it is, IMO, a waste of space on the main feed. It's not a question of what the world is "more interested in".

  • Who you think you are G. Andrew Duthie to tell me what I should write or not writing ? I know it's embarassing to report something wrong with MS but tell that to BBC. It seems that in this case it's true and it made the front page in BBC site.

    We have a lot of wasted bandwith already in the mainfeed regarding topics which in my opinion, have absolutly nothing relating to Microsoft technologies. The funny thing is that these off topic subjects came sometime from MS bloggers !!

    And for the critical patchs I will continue to report as long as I want, also as a personal reminder so that I will not forget to apply them a day after. And for info the last critical patch is still not coming on automatic updates for me on the 2 machines I run at home. I have to manually install them

  • Paschal,



    "Who you think you are G. Andrew Duthie to tell me what I should write or not writing ?"



    I am *not* telling you what to write or not write. I am *asking* that if you choose to post notices of security flaws that are available elsewhere, that you do so without posting them to the main feed. Scott W. was kind enough to include a checkbox on the admin page to include or not include a post in the main feed, so it's not like that's hard to do.



    "We have a lot of wasted bandwith already in the mainfeed regarding topics which in my opinion, have absolutly nothing relating to Microsoft technologies."



    So that's an excuse to waste *more* bandwidth? Surely you don't think that's a convincing argument.



    "And for the critical patchs I will continue to report as long as I want, also as a personal reminder so that I will not forget to apply them a day after."



    If all you need is a personal reminder, there's no reason the post needs to go on the main feed.



    "And for info the last critical patch is still not coming on automatic updates for me on the 2 machines I run at home. I have to manually install them"



    Well, they all showed up just fine for me on Windows Update.



    Also, as an observation, for someone who has dished out more than your fair share of criticism of others (IMO), you don't seem very willing to listen to any criticism without getting defensive. Why not give some thought to the comments, rather than immediately going on the attack? Otherwise, if you're not actually interested in what people think, just turn off the comments.



Comments have been disabled for this content.