Microsoft plugs 6 security holes

By JESSICA MINTZ,
AP Technology Writer
Tue Oct 9, 5:18 PM ET

Microsoft Corp. issued six security patches in a regular update Tuesday, among them fixes for flaws that could let hackers hijack computers using a Web browser.

The software maker gave four of the security updates its most urgent "critical" rating.

Within that group, Microsoft used a single update to fix several separate flaws found in different versions of the Internet Explorer Web browser, including the most recent, IE7.

That patch blocks any attempts by attackers to put fake content into the address bar of a Web browser — a technique used in phishing scams to convince Web surfers that a fake site is actually their bank, for example.

The patch is also meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.

"There has always been this escalating arms race" between hackers and security professionals, said Ben Greenbaum, a senior manager at Symantec Security Response. "Lately, the stakes are higher. People are losing actual money due to attacker activities."

The three other "critical" patches also help keep hackers from breaking into users' computers to steal information or install malicious software.

One fixes a problem with Kodak Image Viewer, formerly known as Wang Image Viewer, used on computers that run Windows 2000 or that were upgraded from Windows 2000.

Another critical patch fixes a flaw in the way newsgroups are handled by Outlook Express and Windows Mail. The third protects users of Microsoft Word 2000 and 2004 and Office for Mac 2004 from malicious Word documents.

Microsoft also issued two "important" patches — the software maker's second-most-urgent rating — related to Windows, Office and Sharepoint.

Windows users can visit Microsoft's security Web site to get the updates, or configure their computers to automatically update each month.

___

On the Net:

http://www.microsoft.com/security

Copyright © 2007 The Associated Press.