M$ issues 'maximum severity' Windows alert

Microsoft has warned of a flaw in its Windows operating system that could be exploited by hackers to remotely run malicious applications on a victim's PC.

The Redmond giant explained that the remote code execution vulnerability, which it rates "maximum severity rating: important", concerns the way that Web View in Windows Explorer handles certain HTML characters in preview fields.

"By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the 'Vulnerability Details' section of this bulletin," Microsoft stated.

The flaw means that, if a user is logged on with administrative rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs, view, change or delete data, or create new accounts with full user rights, Microsoft warned.

Users whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights.

Microsoft noted that user interaction is required to exploit the vulnerability, but added that customers need to apply the update "at the earliest opportunity".

According to the software giant's Security Bulletin MS05-024, any user running Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4 should immediately update their systems with the relevant patch.

The company stressed that no version of Windows XP or Windows Server 2003 is affected by the flaw, and that Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are not "critically affected" by the bug.

