Microsoft issues remote hacker fix


Microsoft issues remote hacker fix

Antony Savvas

Microsoft yesterday issued an "important" Windows security fix as part of its monthly patch cycle, designed to stop an attacker taking over a user’s PC.

As well as tackling a script injection vulnerability, Microsoft also published two alerts as part of its new Microsoft Security Advisories programme, designed to provide temporary workarounds until patches, if required, can be issued by the company.

The monthly security patch addresses a vulnerability in Windows 2000 Service Pack 3 and 4. Newer Windows operating systems are not affected.

Older versions of Windows, including Windows 98 and Windows 98 Second Edition are also affected, but the patch does not protect these operating systems as Microsoft no longer offers support for non-critical security flaws in these programs.

Microsoft said the patch tackles a remote code execution vulnerability in the way that Web View in Windows Explorer handles certain HTML characters in preview fields.

Unpatched machines could allow an attacker to install programs and view and change data with full user rights, said Microsoft.

The company also issued two advisories on potential problems that may or not require patches. 

These included an issue with Windows Media Player digital rights management, and one concerning a simple mail transfer protocol (SMTP) issue in Windows Server 2003 Service Pack 1.


Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy