BBC Home
Explore the BBC
BBC News
Launch consoleBBC NEWS CHANNEL
Last Updated: Wednesday, 13 April, 2005, 11:23 GMT 12:23 UK
Net security bug prompts warnings
Copies of Microsoft Windows XP on sale, PA
Many Microsoft products are affected by the bugs
Microsoft has issued patches for five critical bugs in its software.

The bugs affect Windows, Internet Explorer, Word, Messenger and Exchange. If exploited the loopholes could give an attacker complete control over a compromised computer.

One flaw is found in so much of the net's software that the UK government's national computer security advisor issued its own warning about it.

Users were urged to install the patches to ensure their machine was protected.

Bad bugs

The warnings about the critical vulnerabilities were issued as part of Microsoft's April security update. As well as these most serious bugs, Microsoft warned about three others that it only considered "important" - the second highest rating.

Most of the critical bugs involve weaknesses that, if exploited, would allow attackers to run their own code remotely on a target machine.

Internet Explorer
Windows 98, ME, XP and 2000
Windows 2000 Service Packs 3 and 4
Windows XP 64-bit edition, version 2003 and Service Pack 1
Windows XP Service Packs 1 and 2
Windows Server 2003
Office Word 2003
Works Suite 2001, 2002, 2003, 2004
Word 2002
MSN Messenger 6.2
Exchange Server 2003
Exchange Server 2003 Service Pack 1
Exchange 2000 Server Service Pack 3
Any malicious hacker who managed to do this would have complete control over the machine and could use this access to steal confidential information or use that machine as a spam forwarder or to attack other websites.

Microsoft said it was important for users to download the patches and apply them because often computer code written to exploit the loopholes quickly follows the issuing of a fix of a bug.

Users are less likely to fall victim to some of the bugs which require them to visit websites loaded with malicious code that exploits the flaws.

However, one of the flaws that Microsoft has flagged in its April update affects many of the net systems that use the IP networking protocol.

As its name implies IP, aka Internet Protocol, is integral to the way the net works.

Gerhard Eschelbeck, chief technology officer of Qualys which found the flaw, said the bug could let an attacker interfere with net traffic to mount attacks on websites by cutting people off from those sites. These are known as Source Quench attacks.

So far Microsoft, Cisco, Juniper, IBM and Red Hat have all issued advice and updates for products that tackle the bug.

Warning over fake Windows update
08 Apr 05 |  Technology
Security scares spark browser fix
16 Feb 05 |  Technology
Gates says security is priority
28 Jan 05 |  Click Online
Microsoft makes anti-piracy move
26 Jan 05 |  Technology
Ex-hacker warns on computer security
08 Apr 05 |  Click Online

The BBC is not responsible for the content of external internet sites


News Front Page | World | UK | England | Northern Ireland | Scotland | Wales | Politics
Business | Entertainment | Science/Nature | Technology | Health | Education
Have Your Say | Magazine | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific