Microsoft issues remote hacker fix

News

Microsoft issues remote hacker fix

Antony Savvas

Microsoft yesterday issued an "important" Windows security fix as part of its monthly patch cycle, designed to stop an attacker taking over a user’s PC.

As well as tackling a script injection vulnerability, Microsoft also published two alerts as part of its new Microsoft Security Advisories programme, designed to provide temporary workarounds until patches, if required, can be issued by the company.

The monthly security patch addresses a vulnerability in Windows 2000 Service Pack 3 and 4. Newer Windows operating systems are not affected.

Older versions of Windows, including Windows 98 and Windows 98 Second Edition are also affected, but the patch does not protect these operating systems as Microsoft no longer offers support for non-critical security flaws in these programs.

Microsoft said the patch tackles a remote code execution vulnerability in the way that Web View in Windows Explorer handles certain HTML characters in preview fields.

Unpatched machines could allow an attacker to install programs and view and change data with full user rights, said Microsoft.

The company also issued two advisories on potential problems that may or not require patches. 

These included an issue with Windows Media Player digital rights management, and one concerning a simple mail transfer protocol (SMTP) issue in Windows Server 2003 Service Pack 1.

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy