Two new vulnerabilities announced for Windows and IE
Posted on 14 Dec 2005 at 10:43
Microsoft has issued two new warnings for its Windows software in this month's security bulletin. One is a flaw found in Windows 2000 Service Pack 4, while the other covers a number of security patches for Internet Explorer.
The first is a so-called 'privilege elevation' vulnerability that has been privately reported to Microsoft. Such vulnerability allows a hacker to gain unauthorised privileges on a machine or network. An example of privilege elevation would be a user with minimal rights, such as a logging in as 'guest', who could contrive a way to be added to the Administrator's group to take advantage of the extended rights available.
In this case, the vulnerability exists in the way that asynchronous procedure calls are processed within the kernel. According to Microsoft, an attacker who successfully exploited this vulnerability could take complete control of an affected system. As such, that person could then install malicious programs; view, change, or delete data; or create new accounts with full user rights.
The vulnerability cannot be exploited remotely and has to be via someone who is logged into the machine. Apparently, it does not affect Windows XP that is in use by the vast majority of Microsoft customers today.
The second update is for a cumulative patch for several IE vulnerabilities ranging from the moderate to the critical. They include patches for HTTPS proxy vulnerabilities to File Download dialog box manipulation.
The company is also updating its Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the company's Download Centre Web site.
Full details are at the Microsoft TechNet site.
Author: Steve Malone
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
Printed from www.pcpro.co.uk

