Another Security Lapse Announced by Microsoft

Microsoft issued a warning on Thursday that its Windows product contains a critical flaw that could potentially permit a hacker to take control of a user's computer once the user opens an e-mail or Web page that contains malicious code. The flaw is in the Windows Script Engine that allows Windows to execute JScript code (Microsoft's version of Java scripting language that adds functionality to Web pages).

iDefense Inc., an Internet security company, said that it knew about the Windows flaw last December and passed the information on to Microsoft in early January. However, iDefense had let its customers know about the flaw before Microsoft could remedy it, so reports about it were distributed on the Internet before the patch could be issued. There have been no reports as yet of anyone trying to stage any attacks.

Microsoft confirmed that the faulty code was created years ago and included in every successive generation of Windows without programmers ever realizing it. Microsoft's newest software versions, Outlook Express 6 and Outlook 2002, are protected from hackers trying to exploit the flaw.

Applying a free patch can protect older Outlook versions. Get it by clicking here.