In addition to issuing three patches for
potentially critical flaws in its Internet Explorer on Tuesday, Microsoft
launched the Windows Malicious Software Removal Tool.
Microsoft rated two of the flaws in IE “critical” and a third “important” after
the company discovered that malicious code could exploit holes in the browser.
The HTML Help vulnerability detailed in
Security Bulletin MS05-001
could allow information disclosure or remote code execution on an affected system, according to the bulletin.
An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote
code execution if a user visited that page. According to Microsoft, which gave it a critical rating, even when equipped
with the latest Service Pack 2 (SP2) patch, end users were vulnerable to Trojan attacks.
Last month, Chinese security group xFocus
reported the flaw before the patch cycle, which drew the ire of Microsoft. The company argued the action put
computer users at risk.
Security Bulletin MS05-002
highlights vulnerabilities in cursor and icon format handling. This vulnerability, which Microsoft
rated critical, could allow an attacker to try and exploit the vulnerability by constructing
a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web
site or viewed a malicious e-mail message, according to the bulletin.
A Denial of Service (DoS) vulnerability is also highlighted in Security Bulletin MS05-002, and it
affects the way that cursor, animated cursor and icon formats are handled. An attacker
could try to exploit the vulnerability by constructing a malicious cursor or icon file
that could potentially cause the operating system to become unresponsive, according to the bulletin.
The third vulnerability patched today exists in the Indexing Service because of
the way that it handles query validation, according to
Security Bulletin MS05-003
An attacker could exploit the vulnerability
by constructing a malicious query that could potentially allow remote code execution on
an affected system. An attack, according to the bulletin, would most likely result in a DoS condition.
The monthly patch cycle, which occurs the second Tuesday of every month,
will now include updates of the anti-malicious software removal tool, according to a Microsoft spokeswoman.
The spokeswoman said the updates to the removal tool are an extension of virus
or worm removal tools that Microsoft released in 2004.
The first version of the tool, available for
for download,
is capable of removing numerous
viruses and worms, as well as their variants, including: Blaster, Sasser,
MyDoom, DoomJuice, Zindos, Berweb, Gailbot and Nachi.
While tools released in 2004 have been specific to a single virus and
some of its variants, the new removal tool targets numerous viruses.
