- Impact
- 1
July 9 — Microsoft on Wednesday warned of three new security gaps in its software, including one “critical” Windows flaw that could allow a hacker to run unauthorized code on victims’ PCs.
THE MOST SERIOUS of the flaws is what is known as a buffer overrun vulnerability, which could allow an attacker to use an unchecked buffer to run their own executable code.
This flaw, located in the HTML converter in Microsoft’s Windows operating system, could be used by hackers to spread the code either by sending an HTML e-mail or by creating a special Web page that triggers a download of the code.
Because the security hole can be exploited without any action on the part of the user, Microsoft described it as critical, the highest rating in the software maker’s four-level system.
The vulnerability exists in many recent versions of Windows, including Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003. However, the flaw is only rated moderate in Windows Server 2003, because that software ships with a setting known as Enhanced Security Configuration designed to minimize the risk of unauthorized code being launched.
Microsoft posted a patch for the vulnerability on its Web site.
Full Story:
http://www.msnbc.com/news/936840.asp?0dm=C217T
THE MOST SERIOUS of the flaws is what is known as a buffer overrun vulnerability, which could allow an attacker to use an unchecked buffer to run their own executable code.
This flaw, located in the HTML converter in Microsoft’s Windows operating system, could be used by hackers to spread the code either by sending an HTML e-mail or by creating a special Web page that triggers a download of the code.
Because the security hole can be exploited without any action on the part of the user, Microsoft described it as critical, the highest rating in the software maker’s four-level system.
The vulnerability exists in many recent versions of Windows, including Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003. However, the flaw is only rated moderate in Windows Server 2003, because that software ships with a setting known as Enhanced Security Configuration designed to minimize the risk of unauthorized code being launched.
Microsoft posted a patch for the vulnerability on its Web site.
Full Story:
http://www.msnbc.com/news/936840.asp?0dm=C217T
