Windows security flaw could allow hackers to take over PCs through malicious Web sites.
December 13, 2005: 9:04 PM EST

SAN FRANCISCO (Reuters) - Microsoft Corp. on Tuesday warned users of its Windows operating system of a "critical" security flaw in its software that could allow attackers to take complete control of a computer.

The world's largest software maker issued a patch to fix the problem as part of its monthly security bulletin. The problem mainly affects the Windows operating system and Microsoft's Internet Explorer Web browser.

Computer security experts and Microsoft urged users to download and install the patch available at www.microsoft.com/security.

Microsoft said the vulnerability exists in its Internet Explorer Web browser, which an attacker could exploit to take over a PC by running software code after luring users to malicious Web pages.

Microsoft also issued one other security warning it rated at its second-highest level of "important."



A vulnerability defined as "important" is one where an outsider could break into a machine and gain access to confidential data but not replicate itself to other computers, Microsoft said.

Microsoft defines a flaw as "critical" when the vulnerability could allow a damaging Internet worm to replicate without the user doing anything to the machine.

The "critical" flaw affects Internet Explorer which is a part of Windows while the "important" flaw is a vulnerability in the fundamental code that the higher level functions of Windows are all based on.

For more than three years, Microsoft has been working to improve the security and reliability of its software as more and more malicious software targets weaknesses in Windows and other Microsoft software.

More than 90 percent of the world's personal computers run on the Windows operating system.