Language Selection

English French German Italian Portuguese Spanish

M$ issues 'maximum severity' Windows alert

Filed under
Microsoft

Microsoft has warned of a flaw in its Windows operating system that could be exploited by hackers to remotely run malicious applications on a victim's PC.

The Redmond giant explained that the remote code execution vulnerability, which it rates "maximum severity rating: important", concerns the way that Web View in Windows Explorer handles certain HTML characters in preview fields.

"By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the 'Vulnerability Details' section of this bulletin," Microsoft stated.

The flaw means that, if a user is logged on with administrative rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs, view, change or delete data, or create new accounts with full user rights, Microsoft warned.

Users whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights.

Microsoft noted that user interaction is required to exploit the vulnerability, but added that customers need to apply the update "at the earliest opportunity".

According to the software giant's Security Bulletin MS05-024, any user running Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4 should immediately update their systems with the relevant patch.

The company stressed that all versions of Windows XP and Windows Server 2003 are not affected by the flaw, and that Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are not "critically affected" by the bug.

Source.

More in Tux Machines

Pithos 1.2

  • New Version of Linux Pandora Client ‘Pithos’ Released
    A new release of open-source Linux Pandora client Pithos is now available for download.
  • Pithos 1.2 Improves The Open-Source/Linux Pandora Desktop Experience
    Chances are if you've ever dealt with Pandora music streaming from the Linux desktop you've encountered Pithos as the main open-source solution that works out quite well. Released today was Pithos 1.2 and it ships with numerous enhancements for this GPLv3-licensed Pandora desktop client. Pithos 1.2 adds a number of new keyboard shortcuts for the main window, initial support for translations, an explicit content filter option, reduced CPU usage with Ubuntu's default theme, redesigned dialogs and other UI elements, and more.

OPNsense 16.7

  • OPNsense 16.7 released
  • pfSense/m0n0wall-Forked OPNsense 16.7 Released
    The latest major release is out of OPNsense, a BSD open-source firewall OS project derived from pfSense and m0n0wall. OPNsense 16.7 brings NetFlow-based reporting and export, trafic shaping support, two-factor authentication, HTTPS and ICAP support in the proxy server, and UEFI boot and installation modes.

New Blackmagic and Wine

Linux Foundation and Linux

  • Google, Samsung, Radisys join CORD project
    The Open Networking Lab (ON.Lab) and The Linux Foundation have spun off the Central Office Re-architected as a Data Center (CORD) initiative into its own, new open source project, and Google, Samsung Electronics and Radisys are joining the CORD and ONOS Projects as new partners. Google plans to host the first CORD Summit on July 29 at Google Sunnyvale Tech Corner Campus in California, where industry leaders, network architects and administrators, developers and engineers will convene.
  • CORD Project Aims to Bring Cloud Agility to Service Providers
    The CORD Project recently became an independent project hosted by The Linux Foundation. CORD (TM) (Central Office Re-architected as a Datacenter), which began as a use case of ONOS®, brings NFV, SDN, and commodity clouds to the telco central office and aims to give telco service providers the same level of agility that cloud providers have to rapidly create new services. Major service providers like AT&T, SK Telecom, Verizon, China Unicom, and NTT Communications, as well as companies like Google and Samsung, are already supporting CORD.
  • Linux Kernel 4.4.16 LTS Released with Over 150 Changes, It's Already in Solus
  • Linux Kernel 4.6.5 Has Numerous Nouveau Improvements, ARM and ARM64 Fixes
  • Linux Kernel 4.6.5 and Kernel 4.4.16 released
    Just after a couple of weeks,Linux Kernel 4.6.4 and 4.6.15 release was announced,here comes the next release in both series of Linux kernel 4.6 and 4.4. Both the releases are to bring fixes and improvements in performance.There are some workarounds made in GPU drivers,Wireless,USB,Sound and others can be checked in the change log,Of Course. In the Kernel 4.6.5 there are 220 files changed,1754 files inserted newly and 998 deletations are made.On the other hand,Linux kernel 4.4.16 has 156 files are changed,1475 insetations and 845 deletations are notified as per the announcement.
  • Linux 4.7 now out with enhanced security and advanced graphics support