McAfee has addressed eight security announcements made by Microsoft that would allow a computer to be take over completely.

 

Following Microsoft naming eight security vulnerabilities on Tuesday, McAfee has claimed that only two were urgent, despite all eight being named as critical.

 

It claimed that vulnerabilities in the Microsoft Graphics Device Interface (GDI+), a Windows component used to process image files, and Windows Media Player 11 could be exploited if a user viewed a rigged image or streamed a malicious media file from the Web.

 

Dave Marcus, security research and communications director at McAfee Avert Labs, said: “The bulk of the vulnerabilities addressed by Microsoft's fixes yesterday could be exploited if a Windows user simply visits a malicious website. Criminals are increasingly using the Web to deliver malicious software.

 

“In such drive-by downloads an attacker places malware onto a vulnerable computer without the user noticing it. Microsoft's patches again underline the risk of surfing the Web unprotected.

 

“Microsoft has repeatedly had to fix problems related to the Graphics Device Interface in Windows and vulnerabilities in the component have been exploited broadly in the past. We can expect that security researchers will be looking to reverse engineer yesterday's patches, which may very well lead to many more exploits being created.”

 

McAfee recommends that home users install Microsoft's patches as soon as possible. Home users should use Windows Automatic Updates.