A previously unknown flaw in Microsoft Corp.’s Windows operating system is leaving computer users vulnerable to spyware, viruses and other programs that could overtake their machines and has sent the company scrambling to come up with a fix.Microsoft said in a statement yesterday that it is investigating the vulnerability and plans to issue a software patch to fix the problem. The company could not say how soon that patch would be available.

Mike Reavey, operations manager for Microsoft’s Security Response Center, called the flaw “a very serious issue.”

Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.

Reavey encouraged users to update their anti-virus software, ensure all Windows security patches are installed, avoid visiting unfamiliar Web sites, and refrain from clicking on links that arrive via e-mail or instant message.

“The problem with this attack is that it is so hard to defend against for the average user,” said Johannes Ullrich, chief research officer for the SANS Internet Storm Center in Bethesda.

At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.

Related Articles

More Windows bugs found

Windows Vista has critical bugs

Security Researchers Spot Mac-Birthed Malware Targeting MS Word

Posted: 12|30|05 at 11:14 am. Filed under: Technology.