Microsoft Finds New Windows Security Flaws
Microsoft Corp. said yesterday that it had identified a host of new security flaws in its software, some of which could allow hackers to remotely commandeer vulnerable computers, and it urged users to install a series of software updates to address the problem.
Computer experts said it appeared that hackers had not yet exploited any of the security holes. The vulnerabilities were discovered mostly by computer security firms and researchers, who alerted Microsoft so it could develop solutions. The company posted four security bulletins on its Web site yesterday as part of a monthly effort to release updates to its Windows operating system software.
The Web site (www.microsoft.com/security/) leads users through the steps they need to follow to download and install the updates. Patches are available for Windows NT 4.0, Windows 98 and newer releases, including Windows Me and XP.
Microsoft rated three of the four security bulletins as critical, requiring prompt attention. The fourth it rated important. It said the critical bulletins accounted for 20 vulnerabilities in various versions of the company’s Windows software.
“Number-wise, it is an amount that is unusual,” said Stephen Toulouse, security program manager with Microsoft’s Security Response Center, though he was not sure whether it was the largest number of security holes the company has addressed at one time.
I understand that Windows is an incredibly complex piece of software and that the flexibility that made it the dominant operating system also makes it vulnerable. But one would think that, once a piece of software has been on the market for several years, the kinks would have been ironed out.