On Wednesday, Microsoft released a patch for a newly found critical vulnerability in its flagship Windows operating system.
According to the software maker, a buffer overrun security hole exists in an HTML conversion utility shipped with all versions of Windows, including Windows XP and Windows Server 2003. Sending specific code to the program could cause it to execute any commands within the privileges of the current user.
The HTML conversion tool is used by the Internet Explorer browser and e-mail clients such as Outlook and Outlook Express. An attacker could exploit the vulnerability through an HTML e-mail message or by luring Windows users to visit a specifically created web page, designed to exploit the vulnerability.
Microsoft has made available software updates fixing the security flaw. Svetlozar Online advises all Windows users to immediately download and apply the appropriate patch or automatically secure their systems through Microsoft's
Windows Update web site.
