Microsoft announces fix for "critical" flaw


PC users are being urged to apply software patches that close a "critical" vulnerability in Microsoft Windows. Since coming to light in late March, the flaws have proved popular with hackers, who have created hundreds of webpages that use the bug to take over vulnerable computers.

The most serious of the four loopholes being closed by the Microsoft patches is known as the CreateTextRange bug and is one that has been labelled "critical", the highest level. It affects the IE browser and can potentially hand over control of a vulnerable PC to an attacker if a specially crafted webpage is visited.

Users have been encouraged to visit these malicious sites via spam or phishing emails. Often the sites look like legitimate sites (for example, banking sites), but behind the scenes are installing backdoors for hackers to exploit.

Microsoft held off releasing the patches despite evidence from security experts that webpages exploiting the holes were already online. Some web security firms even released their own patches before Microsoft.

If you haven’t patched up yet, you can download the fixes at:

More Microsoft:
Microsoft offers free music downloads
Microsoft announces details of Vista

Dave Walker
For latest tech stories go to