Microsoft Corporation this week warned of three new security flaws in the Windows operating system that, if exploited, could let hackers take over the computers of unsuspecting users.
Microsoft classified one of the vulnerabilities, first discovered six months ago, as "critical".
The weakness is contained in an elemental protocol used by Windows-running computers for sharing information, called "abstract syntax notation" or ASN, for short.
This protocol is used so widely that even some of Microsoft's own security features rely on it; computer security experts said it would be impossible to guess how many applications depend on ASN.
"It's a networking component within all versions of Windows which is fairly low level," said Mr Stephen Toulouse, a Microsoft security program manager. "It's extremely deep within Windows itself."
The widespread use of the protocol slowed efforts to come up with a software patch, Mr Toulouse said. The two other vulnerabilities were rated "important", meaning they posed a lower threat. The software maker has posted a patch designed to protect against all three at www.microsoft.com/security.
Though the software giant switched last year to a program of issuing security updates only once a month, this marks the second time in February that Microsoft has warned users about serious flaws in its software.
Last week Microsoft urged users to take care of a vulnerability in Microsoft's internet Explorer Web browser. Computer users are accustomed to alerts from Microsoft, but Tuesday's announcement raised eyebrows.
"It's a pretty severe vulnerability," said Mr Sunil James, director of vulnerability intelligence at the Reston, Virginia-based computer security firm iDefense Inc. "This is one that definitely does qualify" for Microsoft's critical" ranking status, Mr James said.
There are as yet no known exploits of the flaws disclosed Tuesday, but Mr James figures it will be "just a matter of time" before he will see malicious software that attempts to capitalise on the vulnerabilities.
Mr Marc Maiffret, a computer security expert whose firm discovered the problem, said computer systems that control power or water utilities could be vulnerable to attacks. But he also said that "there are so many avenues of attack, [the vulnerability\] impacts everybody".
Mr Maiffret, co-founder of Aliso Viejo, California-based eEye Digital Security, said his firm discovered the flaw six months ago while testing out the technological underpinnings of a new security product his firm is developing. - (LA Times-Washington Post)
