Microsoft patches critical Windows ME hole

Microsoft has warned users of its Windows Millennium Edition (Me) operating system to patch their systems or risk having files...

Microsoft has warned users of its Windows Millennium Edition (Me) operating system to patch their sytems or risk having files deleted by an attacker.

The vulnerability has been listed as "critical".

An unchecked buffer in the Windows Me Help and Support Centre could allow attackers to create a URL that executes their code on users computers and gives access to local files. These could then be added to, deleted or modified.

The false URL could be placed on a Web page or e-mailed to the intended victims.

The severity of e-mail attacks would depend on the e-mail client being used. Outlook Express 6.0 or Outlook 2002 in the user's default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Mail Security Update, would stop automated attacks.

However, users are still vulnerable if they click on the link in an e-mail. If the user had another e-mail client, the attack could be triggered automatically.

For an attacker to be successful, they would have to lure users to their own website or send them an HTML e-mail. If users are running Internet Explorer 6.0 Service Pack 1, the Help and Support Centre function cannot be started automatically in Outlook Express or Outlook, Microsoft said.

http://www.microsoft.com/security/security_bulletins/ms03-006.asp

Read more on Microsoft Windows software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close