[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 11 August 2006, 09:26 GMT 10:26 UK
Official warning on Windows bugs
Windows XP on laptop, Getty
The bug allows attackers to take over Windows machines
The US Department of Homeland Security has urged Windows users to install the latest patches from Microsoft as quickly as possible.

In particular it warned about one bug fixed in the latest batch of security updates that, if exploited, could put a PC under the control of an attacker.

Microsoft's recent update fixed 23 flaws found in Windows software.

Many of these bugs are known to malicious hackers and some are already actively exploited on the net.

Fast fix

Microsoft typically issues security updates for Windows and its associated programs on the second Tuesday of every month. In the August update, seven of the fixes were rated as "critical" - the highest rating.

The DHS was most concerned about the flaw identified in the MS06-040 security report. This identified a problem with the Windows server service that allows attackers to take over machines without users doing anything to help.

A worm written to exploit this bug "could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights," said the DHS in a statement. As well as overseeing efforts to combat terrorism the DHS also has a role in cybersecurity.

It said it expected the bug to be exploited within 24 hours of its existence becoming known.

Microsoft reported via its security blog that it had already seen a "limited" attack using this bug. It also said that there had been more than 100 million downloads of the MS06-040 fix since it was made available.

The server service bug is found in Windows 2000, XP and Windows Server 2003.

The vulnerabilities fixed by other patches are found in a variety of Windows programs including the Office software suite and the Internet Explorer browser.

One bug being patched is found in Microsoft's PowerPoint presentation software and an exploit code is known to be circulating online. Security experts said 11 other flaws were known to malicious hacking groups.

Users can get hold of the fixes via the Windows Update site or by using the update tool on Windows.


SEE ALSO
Mac users 'too smug' over security
16 Jan 06 |  Technology
Poisoned PowerPoint attacks users
20 Jul 06 |  Technology
Windows gets big security update
13 Jun 06 |  Technology
Microsoft battles Word PC virus
25 May 06 |  Technology
Firms slow to fix security flaws
18 Apr 06 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific