Printed from www.pcpro.co.uk
Slew of critical security alerts announced by Microsoft
Posted on 13 Oct 2004 at 09:55
Anyone who hoped that Windows XP Service Pack 2 would bring an end to the monthly blizzard of security patches is going to be disappointed. This month, Microsoft has issued a whole slew of 'critical' and 'important' patches to its software.
All in all the bulletin is reporting seven 'critical' problems found with its software and three 'important' vulnerabilities. The good news for customers who have installed Service Pack 2, is that the vulnerabilities revealed should - with one exception - already be covered by SP2.
Included amongst the round of vulnerabilities Microsoft has uncovered, are a remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service vulnerability. The company says that in the most severe case remote code could be executed on an targeted system. The vulnerabilities that have been discovered have been found in the Window management system, the DOS virtual machine, Graphics Rendering Engine, and the Windows Kernel. The vulnerabilities have been declared critical for Windows NT, Windows 2000, XP and Server 2003. Earlier versions of Windows are less affected.
Users have also been warned that a weakness has been found in the way that Windows uncompresses .zip files which may also allow a hacker to take control of the computer.
An Excel vulnerability - including Excel for the Mac - exists which allows an attacker can complete control of the computer if the rightful user has full administrative privileges. The attacker would be able to install software, view, change, or delete data or create new accounts with full privileges.
Elsewhere Microsoft says that a vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system. Similarly, a problem with the Windows NNTP Component could allow remote code execution on an affected system.
Microsoft is also warning that it has found a number of weaknesses in versions of Internet Explorer 5 and above.
Afftected users should go to the Microsoft website to obtain the latest patches.
Author: Steve Malone
advertisement
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- Do I like Windows 7 because it's so like a Mac?
- No Windows 7 drivers turn Dell M1330 into a doorstop
- Is Windows 7 good looking enough to sway an Apple fan?
- Typekit brings print-like typography to the web
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
