Microsoft warns of software flaws in Windows
Microsoft Corp. warned users on Tuesday of three new security flaws in its Windows and Word software. and issued patches to fix the flaws, which could allow attackers to take over a computer system.
All three of the "critical"-rated security patches could potentially allow an attacker to take control of a personal computer and use it to steal data or launch other attacks, said Stephen Toulouse, a manager at Microsoft's Security Response Center.
"The key thing is really that we want to make people understand the risk with these flaws and that they enable automatic updates," said Toulouse, referring to a feature in Windows that downloads and installs the software patches automatically.
Two of the flaws are related to imaging technology used by Windows, which could potentially allow an attacker to take control of a system simply by having the user view a digital image that contains software code that exploits the flaw, which could be installed on a computer without the user's knowledge.
"Simply by viewing one of these malicious images you can become infected with anything from adware and spyware to any other suspicious code," said Oliver Friedrichs, senior manager at Symantec Corp.'s Security Response Center.