Seven new vulnerabilities for which Microsoft announced system protection updates have security experts preparing for a possible new rash of bugs aimed at exploiting them, according to several reports.
The likeliest vulnerability to attract future bugs is the one called Windows Shell (MS04-024), which research firm eEye believes is the most serious threat in spite of Microsoft rating the problem as "important" and not "critical."
Norton AntiVirus makers Symantec said the new vulnerabilities include some high risk threats that can be exploited remotely, provoking denial-of-service attacks and confidential data losses. The company advised Windows users to patch as fast as possible.
Microsoft said their two highest-rated of the new vulnerabilities involve the Windows task scheduler function, where the problem is an unchecked buffer that doesn't include data validation commands; and, HTML Help and showHelp vulnerabilities which could allow an attacker to control an affected system completely, the company said.
