Critical update time again

WINDOWS USERS with automatic updates turned off might want to pop over to the MS update site and download the latest critical security patch for Windows 2000, XP, Server 2003 and Vista.

A number of potential nasties allowing malcontents to gain control of systems though animated cursors, font rasterisers and GDI vulnerabilties are fixed. The risks include denial of service, elevation of local privileges, setting up new users and remote code execution.

A spokesman for insecurity firm McAfee, Dave Marcus, said the alert was out-of-cycle.

"McAfee Avert Labs is always concerned when Microsoft releases an out-of-cycle patch," he said. "We urge our customers and the computing public to take this release seriously, as there has already been active exploitation of at least one of these."

More details and download links here. µ