Microsoft Warns Of Flaws In Windows, Outlook, Messenger

In its newest monthly round of patches, Microsoft Tuesday warned users of three vulnerabilities in a trio of its top products: Windows, Outlook, and its instant messaging client, Messenger.

Unlike in past months, however, none of the new flaws were rated as "Critical," the Redmond, Wash.-based developer's highest ranking in its four-step threat assessment system.

The top-rated vulnerability of the three was for Outlook 2002, the e-mail client packed with the now-aging, but still widely-used, Office XP suite. Microsoft has ranked this security flaw as "Important," one step below Critical.

"This is the one that's most dangerous," said Craig Schmugar, the virus research manager with Network Associates' AVERT analysis team. "The vulnerability allows for arbitrary code execution, which we've seen heavily exploited in the past."

The vulnerability, which affects versions of Office XP and Outlook 2002 that have been updated only as far as Service Pack 2 (SP2) -- users which have applied SP3 to Office XP and Outlook 2002 are safe, as are those who use Office 2003 and Outlook 2003 -- could be exploited by a hacker who entices users of Internet Explorer to a malicious Web site or gets them to view a HTML e-mail message. Once at the Web site, or by viewing an HTML message, users could be infected with other code of the hacker's choice -- such as a Trojan horse or a worm -- or their system could grant the attacker complete access to the machine, where he or she could delete files, change settings, or wreak other havoc.