New Windows Security Issue

Written by dante

Microsoft Corp issued an interim security update Friday to protect users of its nearly ubiquitous Internet Explorer browsers from a new technique for spreading viruses.

The update does not entirely fix the flaw that makes the spread possible, but it changes settings in Windows operating systems to disable hackers’ ability to deliver malicious code with it.

The security measure came in response to last week’s discovery of a computer virus designed to steal valuable information like passwords. Though its outbreak was mild, security experts said the technique for spreading it was novel and could be used to send spam or launch broad attacks to cripple the Internet.

Hackers had converted hundreds and possibly thousands of Web sites into virus transmitters by first hiding malicious code using a vulnerability with Microsoft’s software for operating Web sites. A fix for it had been issued in April but was not universally applied.

Two other flaws in Microsoft products allowed hackers to direct Internet Explorer browsers to automatically run the virus when visiting an infected site.

Though one of those flaws remains unfixed, Friday’s setting changes thwart any attack by prohibiting a Web application from writing files such as the virus code onto users’ computers.