[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 11 April 2006, 05:01 GMT 06:01 UK
Users urged to fix browser flaw
Man using computer, BBC
The patches will plug loopholes in Windows
PC users are being urged to apply software patches that close "critical" vulnerabilities in Microsoft Windows.

Since coming to light in late March, the flaws have proved very popular with malicious hackers keen to steal confidential data from PCs.

Hackers have created hundreds of web pages that use the bug to take over vulnerable computers.

Microsoft resisted calls to release patches early but other security firms produced software to protect users.

Malicious websites

The most serious of the four loopholes being closed by the Microsoft patches is known as the CreateTextRange bug and is one that has been labelled "critical", the highest level.

The vulnerabilities addressed in Tuesday's security update for Windows came to light in quick succession towards the end of March.

The CreateTextRange bug occurs in Microsoft's Internet Explorer web browser and potentially hands over control of a vulnerable computer to an attacker if a specially crafted web page is visited.

Criminals typically try to trick people into visiting such sites by sending out spam or phishing e-mail messages.

Sometimes the sites that these messages contain links to closely resemble bank websites, others look benign but behind the scenes are installing backdoors that malicious hackers can use.

Microsoft played down the threat posed by the crop of vulnerabilities and said it could find little evidence that they were being widely exploited. On the Microsoft Security Response Center blog it said there was only evidence of "limited attacks".

The software giant said this was why the patches were provided as part of its monthly security updates, rather than straight away.

However, soon after the bugs came to light security firm Websense said it had found more than 200 web pages created specifically to exploit the CreateTextRange vulnerability.

More recently, other security experts reported a significant increase in the amount of data that phishing gangs were harvesting thanks to the bug.

In response two security firms, eEye and Determina, produced independent patches that could help to keep organisations safe before the official fix was made available.


SEE ALSO:
Microsoft warns on browser bugs
27 Mar 06 |  Technology
Bad web browser bug gets patched
29 Mar 06 |  Technology
European phishing gangs targeted
20 Mar 06 |  Technology
Microsoft tackles security rivals
09 Feb 06 |  Technology
New year brings fresh security fears
27 Jan 06 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites



PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific