SEATTLE ? A Romania-based security service provider said that a patch issued by Microsoft this month fails to resolve all of the security issues involving the ActiveX control in Windows, which could flood PCs with spyware.
GeCad said that the patch has not addressed at least one weakness that could allow a hackers to exploit of the HTML Help ActiveX control vulnerability, CNET.Com reported.
But a Microsoft representative said Monday that the company is already working to close the loophole and added that the January patch had fixed the original problem. Microsoft did not say whether the fix would be released before its February patch bulletin.
GeCad said the potential for attack is opened up if a computer is updated with Microsoft’s Windows XP Service Pack 1 or Windows 2000 Service Pack 4, along with the most recent security patches. It also noted that updating with Microsoft’s Windows XP Service Pack 2 seems to prevent the problem.