Microsoft decade patches with 2 softwares crack

SAN FRANCISCO (AFP) - Microsoft
issued an emergency patch
Wednesday for a dangerous flaw that
has existing in Windows operating
software for nearly two decades.
The vulnerability, disclosed by IBM
security researchers, has been in
every Windows operating system
since 1995 and could allow a hacker
to take control of computers after
luring Internet Explorer browser
users to booby-trapped Internet
pages.
A hacker who successfully exploited
the weakness could have the same
control of a machine as the user,
but taking advantage of the flaw was
deemed "tricky" and there was no
evidence hackers had managed to
pull off such a move.
"We released Security Bulletin MS
14-064 to help protect customers
against this issue and customers
with automatic updates enabled do
not need to take an action as they
are automatically protected,"
Microsoft said in an email response
to an AFP inquiry.
Robert Freeman of IBM X-Force said
in a blog post: "This complex
vulnerability is a rare,  unicorn-like
bug found in code that IE relies on
but doesn t necessarily belong to.
"The bug can be used by an attacker
for drive-by attacks to reliably run
code remotely and take over the
user s machine."
The software fix, labeled "critical" by
Microsoft, was one of 32 patches
released by the US technology titan
as part of its routine update cycle.
Windows powers about 90 percent of
computers worldwide.