Microsoft announces raft of security warnings

By Matt Whipp

Posted on 16 Oct 2003 at 12:02

Microsoft has warned of seven new security vulnerabilities in its Windows products.

Five of these are rated as Critical by the company, with one rated Important, and the last Moderate.

The vulnerabilities affect pretty much all Microsoft's Windows line - from NT through to XP, including Server 2003, the Exchange Server range and 64bit editions of the software. Perversely, Windows ME, comes out relatively unscathed, although is not clear of flaws. It should be remembered that Windows 98 SE and previous versions are no longer supported through the company except on a paid-for basis.

The flaws range from problems arising from a number of improperly checked buffers, to cross-site scripting and ActiveX issues. End-users can use the automatic update feature (turned on by default in XP) to update their systems or go to windowsupdate.com to shore things up.

System administrators can view the Microsoft's advice and evaluate the available patches at the Microsoft TechNet site.

Security company Internet Security Systems has warned in particular of the flaw in Windows Messenger Service (bulletin MS03-043). It states: 'Vulnerabilities of this nature have led to Internet worms such as "MS Blast/Blaster", "Nachi", and "SQL Slammer". History has shown that vulnerabilities of this
magnitude lead almost immediately to exploit tool development by the underground community and extensive and widespread attacks. The vulnerability can be triggered via UDP, leaving open the possibility of extremely rapid worm propagation.'

See also:

SECURITY: New RPC flaw in Windows