Three security vulnerabilities in Windows

Microsoft has released a warning about two serious security vulnerabilities in Windows.

One of the problems affects the Microsoft Colour Management Module, a component of Windows that handles colours. The other relates to the JView Profiler, part of Microsoft’s Java Virtual Machine. The vulnerabilities could be used to commandeer a PC.

An intruder can take advantage of the JView Profiler flaw by crafting a malicious Web page and persuading a user to visit the site. As for the Colour Management Module vulnerability, people can fall victim to an attack by viewing a malicious image.

Attackers are already using the JView Profiler flaw to download and install Trojan horses on victims’ machines. The Trojans will allow them to remotely control a hijacked PC and make it a part of a network of such computers known as a botnet, an increasing cyber threat.

The Windows vulnerabilities are described in two bulletins issued as part of Microsoft’s monthly patch cycle. A third alert deals with a bug affecting Word 2000 and Word 2002. The Word flaw could allow an attacker to control a vulnerable PC.

All three bulletins get Microsoft’s highest security rating, but only the Windows flaws are actively being used to attack users. The company is encouraging all customers to apply its updates.