Language Selection

English French German Italian Portuguese Spanish

M$ issues 'maximum severity' Windows alert

Filed under
Microsoft

Microsoft has warned of a flaw in its Windows operating system that could be exploited by hackers to remotely run malicious applications on a victim's PC.

The Redmond giant explained that the remote code execution vulnerability, which it rates "maximum severity rating: important", concerns the way that Web View in Windows Explorer handles certain HTML characters in preview fields.

"By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the 'Vulnerability Details' section of this bulletin," Microsoft stated.

The flaw means that, if a user is logged on with administrative rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs, view, change or delete data, or create new accounts with full user rights, Microsoft warned.

Users whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights.

Microsoft noted that user interaction is required to exploit the vulnerability, but added that customers need to apply the update "at the earliest opportunity".

According to the software giant's Security Bulletin MS05-024, any user running Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4 should immediately update their systems with the relevant patch.

The company stressed that all versions of Windows XP and Windows Server 2003 are not affected by the flaw, and that Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are not "critically affected" by the bug.

Source.

More in Tux Machines

Jessie Release Date: 2015-04-25

We now have a target release date of Saturday the 25th of April. We have checked with core teams, and this seems to be acceptable for everyone. This means we are able to begin the final preparations for a release of Debian 8 - "Jessie". The intention is only to lift the date if something really critical pops up that is not possible to handle as an errata, or if we end up technically unable to release that weekend. Please keep in mind that we intend to have a quiet period from Saturday the 18th of April. Bug fixes must be *in Jessie* before then. Read more

Radeon Linux Benchmarks: Catalyst 15.3 Beta vs. Linux 4.0 + Mesa 10.6-devel

Before ending out March, here's some new OpenGL Linux benchmarks comparing the closed-source Catalyst 15.3 Beta driver against the Linux 4.0 development kernel with Mesa 10.6 Git for the freshest open-source graphics driver code. Read more

5 questions to determine if open source is a good fit for a software project

A benefit of open source in general, and commercial open source in particular, is that you have the support of others as well as the ability to do the maintenance yourself. I hope these questions will help you determine whether open source is a good fit for your next software project. Let me know if there are other questions you would add to this list. Read more