Microsoft patches Windows, offers malware removal tool

Microsoft Corp. on Tuesday offered patches for several serious Windows security holes and released a new tool that lets users remove malicious software from their PCs.

Additionally, Microsoft said it now has a formal closed beta test program for testing security updates. Through the new “Security Update Validation Program,” select customers and partners representing many backgrounds will get access to security updates to test for application compatibility, Microsoft said in a statement.

Microsoft has always tested its security updates before releasing them publicly. However, the Redmond, Washington-based company established this beta program over the past year to provide broader testing in more real-world scenarios, a spokeswoman said.

On its first “patch Tuesday” in 2005, Microsoft published three Security Bulletins, all related to Windows. Two of the bulletins are rated “critical,” Microsoft’s highest severity rating, while the other is “important,” one notch lower on the vendor’s scale.

In Microsoft’s rating system for security issues, vulnerabilities that could allow a malicious Internet worm to spread without any action on the part of the user are rated critical. Issues that require a user action to spread a worm, but could still expose user data or threaten system resources, are rated important.

The first critical vulnerability lies in the Windows HTML Help system, which has been subject of security flaws in the past. The latest flaw was reported last month and has been exploited to attack users, according to Microsoft. It can allow an attacker to take control of a victim’s system through a malicious Web site or an e-mail message.

The Windows HTML Help system is designed to help PC users by providing graphics, multimedia elements, and hyperlinks to additional information. The vulnerability puts systems running Windows XP, Windows Server 2003, Windows 2000 at risk, Windows NT Server 4.0 is not affected, Microsoft said in Security Bulletin MS05-001.

MS05-002, the second critical Security Bulletin of the year, details two flaws in the way Windows handles cursor, animated cursor and icon formats. One flaw is so serious that it could give an attacker complete control of a user’s system, while the other flaw could be exploited to crash Windows systems, a denial of service attack, Microsoft said.

The cursor and icon format handling affects Windows NT Server 4.0, Windows 2000, Windows XP and Windows Server 2003. Systems with Windows XP Service Pack 2 (SP2) are not exposed as a result of this issue, according to Microsoft.

Deemed “important” by Microsoft is a flaw in the Windows Indexing Service that affects Windows 2000, Windows XP with SP1, Windows Server 2003 and several 64-bit editions of Windows. Not affected are Windows NT Server 4.0, Windows XP SP2, Windows 98, Windows Millennium Edition, Microsoft said.

The Indexing Service is part of the operating system and builds catalogues for the contents and properties of the file systems, for example. The vulnerability could allow an attacker to control a victim’s PC, but the risk is mitigated because the indexing service is not enabled by default, among other reasons, Microsoft said in Security Bulletin MS05-003.

Along with its monthly security alerts, Microsoft also made available a new malware removal tool. The tool, officially announced last week, will be updated every month and lets users remove malicious software related to viruses and worms from their systems. The tool is available on Microsoft’s Web site and the Microsoft update services.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now