Slew of critical security alerts announced by Microsoft
By Steve Malone
Posted on 13 Oct 2004 at 09:55
Anyone who hoped that Windows XP Service Pack 2 would bring an end to the monthly blizzard of security patches is going to be disappointed. This month, Microsoft has issued a whole slew of 'critical' and 'important' patches to its software.
All in all the bulletin is reporting seven 'critical' problems found with its software and three 'important' vulnerabilities. The good news for customers who have installed Service Pack 2, is that the vulnerabilities revealed should - with one exception - already be covered by SP2.
Included amongst the round of vulnerabilities Microsoft has uncovered, are a remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service vulnerability. The company says that in the most severe case remote code could be executed on an targeted system. The vulnerabilities that have been discovered have been found in the Window management system, the DOS virtual machine, Graphics Rendering Engine, and the Windows Kernel. The vulnerabilities have been declared critical for Windows NT, Windows 2000, XP and Server 2003. Earlier versions of Windows are less affected.
Users have also been warned that a weakness has been found in the way that Windows uncompresses .zip files which may also allow a hacker to take control of the computer.
An Excel vulnerability - including Excel for the Mac - exists which allows an attacker can complete control of the computer if the rightful user has full administrative privileges. The attacker would be able to install software, view, change, or delete data or create new accounts with full privileges.
Elsewhere Microsoft says that a vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system. Similarly, a problem with the Windows NNTP Component could allow remote code execution on an affected system.
Microsoft is also warning that it has found a number of weaknesses in versions of Internet Explorer 5 and above.
Afftected users should go to the Microsoft website to obtain the latest patches.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
