Microsoft issues ‘critical’ September windows update


Microsoft issues ‘critical’ September windows update

John-Paul Kamath

Microsoft has released a critical software patch for Windows to address a vulnerability that could allow an attacker to execute remote code on another machine.

This vulnerability was privately reported to Microsoft and exists in Microsoft Agent. It handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Symantec Security Response rates the remote code execution vulnerability in Microsoft Agent ActiveX as critical, since ActiveX controls run on a significant number of systems. Consumers and enterprise users using Microsoft Windows 2000 are susceptible to exploits if they visit a malicious Web page. A successful exploit could allow an attacker to install malicious code of his or her choice, and could potentially allow the attacker to gain complete control of the affected system.

"Symantec has observed a significant increase in ActiveX vulnerabilities this year," said Kevin Hogan, senior manager at Symantec Security Response. "Due to the availability of public proof-of-concept code, we also think the MSN Messenger and Windows Live Messenger vulnerability is a high urgency issue."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy