The Mother Board

Motherboards.org forums. Free tech support, motherboard ID, and more.
It is currently Fri Sep 21, 2018 12:43 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Wed Jan 12, 2005 6:39 pm 
Offline
Black Belt 5th Degree
Black Belt 5th Degree

Joined: Mon Jul 14, 2003 12:38 pm
Posts: 8640
Location: Midlands UK
Quote:
Windows open to critical vulnerabilities
Time to get patching
Robert Jaques, vnunet.com 12 Jan 2005


TMicrosoft has detailed three newly discovered security flaws, two of which it rates as 'critical' because they could allow hackers to take remote control of compromised PCs.

The critical MS05-001 bug uses a handling flaw in HTML to allow malicious third parties to run arbitrary code remotely on unpatched PCs. The vulnerability exists in the HTML Help ActiveX control in Windows.

"If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned.

An attacker could then install programs, view, change or delete data, or create new accounts with full privileges.

Users whose accounts are configured to have fewer privileges on the system could be less affected than those who operate with administrative privileges.

The other critical flaw centres on a vulnerability in cursor and icon format handling that could also allow remote code execution.

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change or delete data, or create new accounts that have full privileges, according to Microsoft's advisory.

"A remote code execution vulnerability exists in the way that cursor, animated cursor, and icon formats are handled," Microsoft stated.

"An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious website or viewed a malicious email message."

The third vulnerability, rated as 'important', has been found in the Windows Indexing Service that could allow remote code execution on an affected system. Microsoft pointed out that Indexing Service is not enabled by default on affected systems.

A wide variety of the software giant's consumer and business operating systems are affected by the flaws including Windows 2000, XP (SP2 only patches against one of the critical vulnerabilities) and Windows Server 2003.


_________________
"Only two thing are infinite, the universe and human stupidity,and Im not sure about the former." Albert Einstein (1879 - 1955)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Jan 13, 2005 2:46 pm 
Offline
Mobo-fu Master
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37463
Location: Netherlands
As of now a patch exists and is included in Windows Update
http://www.microsoft.com/technet/securi ... 5-001.mspx

another hole and patch:
http://www.microsoft.com/technet/securi ... 5-002.mspx

all good things come in threes:
http://www.microsoft.com/technet/securi ... 5-003.mspx

if they keep this rate we'll have some 250 patches by the end of this year :lol:

_________________
We hate rut, but we fear change.
********************************
System error, strike any user to continue...


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Jan 13, 2005 3:18 pm 
Offline
Black Belt 5th Degree
Black Belt 5th Degree

Joined: Mon Jul 14, 2003 12:38 pm
Posts: 8640
Location: Midlands UK
evasive wrote:
As of now a patch exists and is included in Windows Update
http://www.microsoft.com/technet/securi ... 5-001.mspx

another hole and patch:
http://www.microsoft.com/technet/securi ... 5-002.mspx

all good things come in threes:
http://www.microsoft.com/technet/securi ... 5-003.mspx

if they keep this rate we'll have some 250 patches by the end of this year :lol:


was SP2 going to solve all known problems with XP. let face it it turn into a 250mb + cock up

_________________
"Only two thing are infinite, the universe and human stupidity,and Im not sure about the former." Albert Einstein (1879 - 1955)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Jan 13, 2005 4:03 pm 
Offline
Mobo-fu Master
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37463
Location: Netherlands
SP2 has been troublesome throughout the years. For NT4 it was a disaster, for win2k it only added trouble and for XP it plugged a great deal of holes but XP is only holes to begin with or so it seems...

_________________
We hate rut, but we fear change.
********************************
System error, strike any user to continue...


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group