Microsoft has released a security update that fixes 14 flaws in the Windows operating system. Nearly half of them with a critical rating, these problems occur in Windows XP, 2000, NT 4.0, and in Windows Server 2003. The fixes for XP users will be available in Service Pack 2, but Microsoft suggests immediate action to patch the holes.
Crackers have been coming up with code to exploit the security vulnerabilities at an accelerated rate. The recent Sasser worm which takes advantage of one of the six critical holes to infect PCs was created in less than two weeks. Sasser and similar worms can invade computer systems independent from the users actions, such as opening email. A missing update alone can leave the computer vulnerable to such malicious worms.
During a presentation at Microsofts Silicon Valley campus, Rich Kaplan, corporate VP of security business and technology marketing, said Microsoft is focusing on four general areas: reducing the impact of malicious software on company networks, improving system and application access control, developing more secure and reliable software products, and providing better guidance to customers on how to plug security holes
Kaplan also explained how the Windows XP Service Pack 2 will better protect Web browsers and toughen network security. The service pack has the ability to block pop-up windows and the installation of ActiveX controls, which not only slow performance but often are used to download malicious software to a PC. "It puts the user back in control," he said. He also showed a new security-center icon in the system tray that will keep users informed on the status of firewall protection, system updates, and antivirus protection.
Windows XP Service Pack is due out in September, but the patches are available now at http://www.microsoft.com.