Microsoft Corp. issued two security fixes in a regular monthly update Tuesday, including one that removes a dangerous bug in all versions of Windows XP and Windows Server 2003.
Microsoft gave the serious security fix its most urgent "critical" rating. Hackers could exploit a vulnerability using Internet Explorer 7, and possibly other programs, and take over a user's computer for a variety of nefarious purposes, such as stealing passwords or pumping out spam.
(Msnbc.com is a Microsoft-NBC Universal joint venture.)
The security hole "is concerning as it's a publicly known issue that puts computer users at risk," said Ben Greenbaum, a senior research manager on antivirus software maker Symantec Corp.'s security response team.
The other fix, which Microsoft gave the second-highest "important" rating, is for computers running versions of Windows 2000 Server and Windows Server 2003. Hackers could exploit the flaw in Microsoft's program to redirect Internet traffic from legitimate sites to fake ones.
Windows users can visit Microsoft's security Web site to get the updates or configure their computers to automatically update each month.