Microsoft delivered a chilling warning to customers yesterday that a “critical flaw” in the latest versions of its Windows operating system could give hackers a backdoor into their PC - enabling them to steal files, delete data or even eavesdrop on sensitive information.
It's the second major security flaw announced this month by Microsoft and the company has given the problem its highest security rating of "critical."
Windows versions NT, 2000, XP and Server 2003 are said to be affected and the only cure is to apply a repairing patch that can be downloaded free from Microsoft’s website.
Stephen Toulouse, a security executive with Microsoft's security response centre, urged users to download the free upgrade and apply the patch immediately.
He said the flawed software was "an extremely deep and pervasive technology in Windows".
Russ Cooper, a security expert with TruSecure Corporation, said that the latest vulnerability was especially insidious because it could allow attacks on the equivalent of the computer's immune system.
"It's like AIDS," he said.
"This is the stuff that's supposed to protect us!"
Researchers learned about the flaws more than six months ago, and this recent disclosure comes just weeks before Microsoft chairman Bill Gates delivers a keynote speech in San Francisco at one of the industry's most important security trade conferences.
Microsoft has struggled in recent months against a tide of renewed criticism about security risks in its software, the engine for computers in most of the world's governments, corporations and homes.
"This is one of the most serious Microsoft vulnerabilities released," said Marc Maiffret, of eEye Digital Security in California, the company that discovered the flaw.
"The breadth of systems affected is probably the largest ever."
"This is something that will let you get into Internet servers, internal networks, pretty much any system."
Mr. Maiffret said systems that control important power or water utilities were vulnerable and he predicted hackers would try to unleash an Internet infection within weeks.
Mr. Maiffret also said that he was surprised that it took Microsoft so long to issue a patch.
"All the reason Microsoft gave us was 'extra testing,' but it doesn't take that long to test something this simple," he said.
Mr. Toulouse of Microsoft disagreed, saying, "We don't just produce a fix, we produce a comprehensive fix."
A quick response that does not work for every user, or which introduces new vulnerabilities, "would almost be worse than no fix at all," he said.
The flaw is said to be completely unconnected with the latest clutch of computer viruses currently causing problems around the world.
Sources: BBC, Guardian Unlimited, Internet News, New York Times