Microsoft fixes 20 security holes

[Toon]

Windows users are being urged to install Microsoft's February security update which contains 12 patches for 20 vulnerabilities.

The bumper package includes fixes for loopholes that malicious hackers are known to be already exploiting.

Another vulnerability is in the program Microsoft designed to spot viruses and spyware that has infected PCs.

Half of the patches in the update have been rated as critical; criminals exploiting these could take over a PC.

Hijack trick

The fixes were issued as part of Microsoft's regular monthly security update that falls on the second Tuesday of every month.

Loopholes in Word, Excel, PowerPoint, Internet Explorer and Microsoft's Malware Protection Engine are closed by the updates in the patch. Versions of these programs used on Windows 2000 and XP could have these loopholes.

Users worried that they are at risk are being encouraged to check information about which programs are vulnerable via Microsoft's security site.

Some of the loopholes, particularly those in Word, have been actively exploited by malicious hackers for several weeks.

Many Windows XP owners are likely to get the patches automatically, but any user can download the patches from the Windows Update site.

The "critical" rating usually means that a cyber criminal exploiting such a vulnerability could take over a PC via a booby-trapped webpage or by tricking a user into opening an attachment on an e-mail.

None of the patches affected Vista - the newest version of the Windows operating system which was released on 30 January.