Microsoft Releases Security Update To Block New Virus Transmitters

Though the updates do not entirely fix the flaw with Microsoft's nearly ubiquitous Internet Explorer browsers, they change settings in Windows operating systems to make it impossible for hackers to use the flaw to deliver malicious code to users' computers.

Stephen Toulouse, a security program manager at Microsoft, said the company still was working on a comprehensive patch to close vulnerabilities with Internet Explorer, but the settings change should protect users from the immediate threat.

First discovered by Microsoft last week, the new technique allowed the spread of a computer virus designed to steal valuable information like passwords. The impact of the "Scob" outbreak was mild, but security experts worried others might copy the technique to send spam or launch broad attacks to cripple the Internet.

Russ Cooper, a senior researcher at TruSecure, welcomed the update, but said it should have come sooner than a week.

"It would have taken a couple of hours to put it together as a package, and []the testing] process can take a day or two," Cooper said.

But Toulouse said that given the broad user base for Windows and Internet Explorer, even a problem affecting less than 1 percent of users potentially hurts millions of customers.

He said the settings change may cripple legitimate applications used internally by Web developers and corporate networks. Microsoft was preparing special instructions for those people.

The updates were being made available to consumers later Friday and would be automatically installed if computers are set to receive them. Users can also visit http://windowsupdate.microsoft.com when the updates are released.

For more information on this particular exploit click here.

Copyright © 2004 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.