Printed from www.pcpro.co.uk
Slew of critical security alerts announced by Microsoft
Posted on 13 Oct 2004 at 09:55
Anyone who hoped that Windows XP Service Pack 2 would bring an end to the monthly blizzard of security patches is going to be disappointed. This month, Microsoft has issued a whole slew of 'critical' and 'important' patches to its software.
All in all the bulletin is reporting seven 'critical' problems found with its software and three 'important' vulnerabilities. The good news for customers who have installed Service Pack 2, is that the vulnerabilities revealed should - with one exception - already be covered by SP2.
Included amongst the round of vulnerabilities Microsoft has uncovered, are a remote code execution vulnerability, two elevation of privilege vulnerabilities, and a denial of service vulnerability. The company says that in the most severe case remote code could be executed on an targeted system. The vulnerabilities that have been discovered have been found in the Window management system, the DOS virtual machine, Graphics Rendering Engine, and the Windows Kernel. The vulnerabilities have been declared critical for Windows NT, Windows 2000, XP and Server 2003. Earlier versions of Windows are less affected.
Users have also been warned that a weakness has been found in the way that Windows uncompresses .zip files which may also allow a hacker to take control of the computer.
An Excel vulnerability - including Excel for the Mac - exists which allows an attacker can complete control of the computer if the rightful user has full administrative privileges. The attacker would be able to install software, view, change, or delete data or create new accounts with full privileges.
Elsewhere Microsoft says that a vulnerability exists in the Windows SMTP component and Exchange Server Routing Engine component that could allow remote code execution on an affected system. Similarly, a problem with the Windows NNTP Component could allow remote code execution on an affected system.
Microsoft is also warning that it has found a number of weaknesses in versions of Internet Explorer 5 and above.
Afftected users should go to the Microsoft website to obtain the latest patches.
Author: Steve Malone
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
