Microsoft warns of Outlook flaw

Microsoft has issued four critical alerts in three months

A flaw in Microsoft's popular e-mail program, Outlook, is worse than first thought.

The software giant has upgraded a recent security warning to "critical", urging Windows users to download the latest patch.

The vulnerability was originally rated as "important" in Microsoft's monthly security bulletin issued on Tuesday.

It subsequently learnt that the flaw could be used to download and run a program on an affected computer.

"This change is based on information concerning a new attack scenario discovered after the bulletin's original release on 9 March," said the company in a statement.

It was partly acting on information from an independent Finnish computer researcher, Jouko Pynnonen.

The flaw only affects the 2002 version of Outlook. Microsoft said that people who had already updated their software or downloaded the latest security updates were not at risk.

Plugging holes

Microsoft has intensified its efforts to improve the security of its software and plugs holes in older versions of its products.

It now sends alerts in a monthly bulletin, rather than on an ad hoc basis, except in emergencies.

The aim is to make it easier for people to update their software in one go, rather than applying individual patches intermittently.

It is part of Microsoft's Trustworthy Computing initiative, which is designed to make its programs more secure and reliable.

Critics say the company should design better software from the start, rather than rely on updates to fix problems.

Since the beginning of 2004, Microsoft has released 10 security warnings, four of them rated as critical.

This compares to 51 issued last year, of which 20 were classified as the highest category of threat.