» Topic:  Microsoft patches security defect

» Added by:  www.tmcnet.com

» Date:  7.1.2006

  Microsoft yesterday bowed to pressure from security experts and published an official patch to correct one of the biggest-ever security holes in its Windows operating system five days earlier than expected.

The flaw, which was discovered last week, put millions of Windows computers, which account for about 90 per cent of PCs worldwide, at risk of infection by spyware or viruses.

Mike Nash, vice-president of Microsoft's security division, said conversations with customers contributed to the company's decision to accelerate the release of the patch.

"While we would always like to have more time, we are confident in the quality of the update," Mr Nash wrote on Microsoft's security centre weblog.

Microsoft had planned to wait until January 10th to publish the official fix in its monthly security bulletin. Those plans, which were in line with the company's normal practice, drew criticism from computer users and security experts, who said that leaving a hole in Windows's security defences would leave millions of computers vulnerable to attack by hackers.

The new vulnerability was considered particularly dangerous because, unlike traditional attacks, which require victims to download or execute a suspect file, most users' computers could be infected simply by viewing a website, e-mail or instant message that contained a virus-laden image.

"Everybody was hoping they would get the patch out before a major attack would start," said Mikko Hypponen, chief research officer at F-Secure, a Finnish anti-virus company. "Now it looks like they succeeded."

Microsoft said that although it continued to monitor hackers seeking to exploit the security hole, attacks so far had been limited.

Source : www.tmcnet.com