Three security vulnerabilities in Windows
Microsoft has released a warning about two serious security vulnerabilities
One of the problems affects the Microsoft Colour Management Module, a component
of Windows that handles colours. The other relates to the JView Profiler, part
of Microsofts Java Virtual Machine. The vulnerabilities could be used
to commandeer a PC.
An intruder can take advantage of the JView Profiler flaw by crafting a malicious
Web page and persuading a user to visit the site. As for the Colour Management
Module vulnerability, people can fall victim to an attack by viewing a malicious
Attackers are already using the JView Profiler flaw to download and install
Trojan horses on victims machines. The Trojans will allow them to remotely
control a hijacked PC and make it a part of a network of such computers known
as a botnet, an increasing cyber threat.
The Windows vulnerabilities are described in two bulletins issued as part of
Microsofts monthly patch cycle. A third alert deals with a bug affecting
Word 2000 and Word 2002. The Word flaw could allow an attacker to control a
All three bulletins get Microsofts highest security rating, but only
the Windows flaws are actively being used to attack users. The company is encouraging
all customers to apply its updates.