The emergence of a new Internet virus targeting a Microsoft Windows security flaw could cause more damage than usual because the company's system for fixing the problem is so complex that many people will not bother to download it, security experts warned.
On Sept. 14, Microsoft released a patch to remedy a problem in the way the company's products process digital image files. That problem could allow attackers to take control of computers running the Windows XP (news - web sites) operating system, Server 2003 software and Microsoft Office just by getting people to open an e-mail message or visit a Web site. Microsoft Office is a bundle of products that includes the popular Word, Excel and Outlook e-mail programs.
Microsoft has waged an extensive public relations campaign to convince users to set up their computers to receive software patches through the company's automatic update service, but some experts said that many users do not know that they might need to manually apply other patches at a separate Microsoft Office Update Web site to ensure that their PCs are protected against the threat.
Windows users who receive automatic updates or go to Microsoft's Windows Update site can use a scanning tool that tells them whether they need to visit its Office Update site for other fixes. But patching Office often requires users to take additional steps. For example, users who have not installed any previous Office patches will need to download and install those fixes before their computers will accept the latest patch. The Office site also may require users to have their original Microsoft Office CD-ROM handy.
http://story.news.yahoo.com/news?tmpl=story&e=5&u=/washpost/20041001/tc_washpost/a64737_2004oct1