Seattle: Microsoft Corp. released four software patches on 12 September to fix security flaws, including one that could allow hackers to take over computers running the company’s instant messaging programs.
Only one of the flaws carried the company’s most severe “critical” rating, and it only applies to the Windows 2000 operating system. To be affected, users would have to visit a Web site and install a program that could then run malicious code on their computers, said Mark Griesi, a security program manager at the Redmond-based software maker.
The other security vulnerabilities including the one affecting MSN Messenger and Windows Live Messenger were assigned the second-highest “important” rating. The IM flaw would allow hackers to run malicious code on computers if users click on an instant message link inviting them to check out a video.
“If the victim accepts that invitation, that’s when this vulnerability kicks in,” said Amol Sarwate, manager of the vulnerability research lab at the security company Qualys Inc.
Hackers are beginning to target instant messaging programs because it is getting harder to trick people into clicking on links sent in e-mails, analysts say. And not all PC security programs cover instant messaging programs, said Andrew Storms, director of security operations at nCircle, a vulnerability management company.
Two other patches released on 12 September as part of Microsoft’s regular monthly security updates affect programs used by software developers and administrators of corporate computer systems. Microsoft recommends that all users set up their computers to receive the updates automatically.