Microsoft warns users of 'critical' security flaws

WASHINGTON -- Microsoft Corp. warned customers yesterday about unusually serious security problems with its Windows software that could let hackers quietly break into computers to steal files, delete data, or eavesdrop on sensitive information.

Microsoft, which learned about the flaws more than six months ago from researchers, said the only protective solution was to apply a repairing patch it offered on its website. It assessed the threat to computer users as "critical," its highest rating.

A Microsoft security executive, Stephen Toulouse, said the flawed software was "an extremely deep and pervasive technology in Windows," and urged customers to apply the patch immediately.

The Department of Homeland Security also warned Americans about the software problems with e-mails sent across its new national cyber-alert system.

The disclosure comes just weeks before Microsoft chairman Bill Gates delivers a keynote speech in San Francisco at one of the industry's most important security trade conferences. Microsoft has struggled in recent months against a tide of renewed criticism about security risks in its software, the engine for computers in most of the world's governments, corporations, and homes.

"This is one of the most serious Microsoft vulnerabilities ever released," said Marc Maiffret of eEye Digital Security Inc. of Aliso Viejo, Calif., which discovered the new Windows flaws. Maiffret predicted hackers will try to unleash a damaging Internet infection within weeks.