Microsoft Corp. warned users on Tuesday of a new "critical"-rated flaw in recent versions of Windows that could allow attackers to take control of a system by embedding malicious software code into digital images.
Users of Windows XP, Windows Server and an updated version of Windows 2000 were vulnerable to an attack unless they installed a software patch.
The flaw affects imaging technology used in Windows that could potentially allow an attacker to take control of a system simply by having the user view a digital image that contains software code that exploits the flaw.
The top two providers of security software and services, Symantec Corp. and McAfee Inc. recommended that users install the patch and avoid opening suspicious e-mail attachments or clicking on any unfamiliar links.
"If a potential victim goes to a Web site and sees these files, they can be infected," said Monti Ijzerman, manager of security content at McAfee.
"The most the obvious thing is to deploy (install) the Microsoft security patches," Izjerman said.
Microsoft issued the patches as part of its monthly security bulletin, which it adopted in 2003 to make it easier for users and computer system administrators to install patches and keep track of vulnerabilities in Microsoft's software.
Users can also download the patches to fix the software flaws at www.microsoft.com/security.