1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Newest Microsoft WARNINGS..

Discussion in 'Virus & Other Malware Removal' started by kidcnote, Feb 8, 2006.

Thread Status:
Not open for further replies.
  1. kidcnote

    kidcnote Banned Thread Starter

    Dec 20, 2005
    February 7, 2006
    Microsoft on Tuesday warned of two security issues that could put some Windows users at risk of attack and said it is investigating a third possible vulnerability.

    One security problem is reminiscent of the recent high-profile security woes that affected Windows. It is related to how aging versions of Internet Explorer handle malformed Windows Meta File images on the Windows Millennium Edition and Windows 2000 operating systems.

    The flaw exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in a security advisory. Users could be attacked simply by viewing a malicious image on a Web site, in an e-mail or in an image viewer, Microsoft said.

    "An attacker who successfully exploited this vulnerability could take complete control of the affected system," Microsoft said in its advisory.

    Though the WMF vulnerability may appear similar to previous flaws related to WMF that plagued Windows, the issue is different, Microsoft said. Last month the software maker rushed out a fix for a WMF rendering flaw that was being exploited to install spyware on the computers of unwitting Windows users.

    To remedy this new WMF problem, Microsoft recommends users upgrade to IE6 with Service Pack 1 and said it may issue a security patch.

    In a second security advisory, Microsoft warned of a problem with overly permissive access controls in Windows XP and Windows Server 2003. The problem exists only in versions that do not have the latest service packs installed, the company said.

    The access control issue could be exploited by a user with low privileges to run programs and commands that normally require a higher privilege level, Microsoft said. The software maker suggests installing Service Pack 2 on Windows XP or Service Pack 1 on Windows Server 2003 to limit exposure, or manually changing access controls on the four affected Windows components.

    Attack code that takes advantage of the flaw is publicly available. A successful attack could give an attacker full control over a vulnerable computer, security monitoring company Secunia said in an alert. However, the scope is limited because the vulnerable software is used only by software developers and is not part of Windows, according to Microsoft.

    "Microsoft's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not impacted by this report," the representative said.

    Microsoft's next "patch Tuesday" is on Feb. 14. The company on Thursday is expected to release some details on what software fixes it will deliver.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/441039

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice