Slew of critical security alerts announced by Microsoft
By Steve Malone
Posted on 13 Oct 2004 at 09:55
Anyone who hoped that Windows XP Service Pack 2 would bring an end to the monthly blizzard of security patches is going to be disappointed. This month, Microsoft has issued a whole slew of 'critical' and 'important' patches to its software.
All in all the bulletin is reporting seven 'critical' problems found with its software and three 'important' vulnerabilities. The good news for customers who have installed Service Pack 2, is that the vulnerabilities revealed should - with one exception - already be covered by SP2.
Included amongst the round of vulnerabilities Microsoft has uncovered, are a remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service vulnerability. The company says that in the most severe case remote code could be executed on an targeted system. The vulnerabilities that have been discovered have been found in the Window management system, the DOS virtual machine, Graphics Rendering Engine, and the Windows Kernel. The vulnerabilities have been declared critical for Windows NT, Windows 2000, XP and Server 2003. Earlier versions of Windows are less affected.
Users have also been warned that a weakness has been found in the way that Windows uncompresses .zip files which may also allow a hacker to take control of the computer.
An Excel vulnerability - including Excel for the Mac - exists which allows an attacker can complete control of the computer if the rightful user has full administrative privileges. The attacker would be able to install software, view, change, or delete data or create new accounts with full privileges.
Elsewhere Microsoft says that a vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system. Similarly, a problem with the Windows NNTP Component could allow remote code execution on an affected system.
Microsoft is also warning that it has found a number of weaknesses in versions of Internet Explorer 5 and above.
Afftected users should go to the Microsoft website to obtain the latest patches.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk