Microsoft Patches Windows, Offers Malware Removal Tool

Joris Evers, IDG News Service

Microsoft today offered patches for several serious Windows security holes and released a new tool that lets users remove malicious software from their PCs.

Additionally, Microsoft said it now has a formal closed beta test program for testing security updates. Through the new "Security Update Validation Program," select customers and partners representing many backgrounds will get access to security updates to test for application compatibility, Microsoft said in a statement.

Along with its monthly security alerts, Microsoft also made available the new malware removal tool, Windows AntiSpyware (Beta), which can be downloaded here. The tool, officially announced last week, will be updated every month and lets users remove malicious software related to viruses and worms from their systems. Microsoft promised the free tool to users earlier this month.

Microsoft has always tested its security updates before releasing them publicly. However, the Redmond, Washington-based company established this beta program over the past year to provide broader testing in more real-world scenarios, a spokesperson said.

Three Security Flaws

On its first "patch Tuesday" in 2005, Microsoft published three Security Bulletins, all related to Windows. Two of the bulletins are rated "critical," Microsoft's highest severity rating, while the other is "important," one notch lower on the vendor's scale.

In Microsoft's rating system for security issues, vulnerabilities that could allow a malicious Internet worm to spread without any action on the part of the user are rated "critical." Issues that require a user action to spread a worm, but could still expose user data or threaten system resources, are rated "important."

The first critical vulnerability lies in the Windows HTML Help system, which has been the subject of security flaws in the past. The latest flaw was reported last month and has been exploited to attack users, according to Microsoft. It can allow an attacker to take control of a victim's system through a malicious Web site or an e-mail message.

The Windows HTML Help system is designed to help PC users by providing graphics, multimedia elements, and hyperlinks to additional information. The vulnerability puts systems running Windows XP, Windows Server 2003, and Windows 2000 at risk, but Windows NT Server 4.0 is not affected, Microsoft said in Security Bulletin MS05-001. Security Bulletin MS05-002, the second critical Security Bulletin of the year, details two flaws in the way Windows handles cursor, animated cursor, and icon formats. One flaw is so serious that it could give an attacker complete control of a user's system, while the other flaw could be exploited to crash Windows systems, a denial of service attack, Microsoft said. The cursor and icon format handling affects Windows NT Server 4.0, Windows 2000, Windows XP, and Windows Server 2003. Systems with Windows XP Service Pack 2 are not exposed as a result of this issue, according to Microsoft.

Deemed "important" by Microsoft is a flaw in the Windows Indexing Service that affects Windows 2000, Windows XP with SP1, Windows Server 2003, and several 64-bit editions of Windows. Not affected are Windows NT Server 4.0, Windows XP SP2, Windows 98, and Windows Millennium Edition, Microsoft said.

The Indexing Service is part of the operating system and builds catalogs for the contents and properties of the file systems, for example. The vulnerability could allow an attacker to control a victim's PC, but the risk is mitigated because the indexing service is not enabled by default, among other reasons, Microsoft said in Security Bulletin MS05-003.