Microsoft is to release six security alerts on Tuesday, with updates to tackle flaws in its Windows operating system. At least one of the patches will fix a “critical” flaw.
The advance notice of Microsoft’s security patches follows an announcement at the end of last month by security firm eEye Digital Security that a security vulnerability had been found in the Remote Desktop Services portion of the Windows 2000, XP and Server 2003 operating systems.
The security firm said: “This high-risk security vulnerability could potentially allow an attacker to send a specially crafted Remote Desktop Protocol request to an affected system, which would result in a denial of service.”
It described the security issue as “a dramatic threat to business continuity”, adding that it could provide protection against the vulnerability “in lieu of a software patch from Microsoft”.
eEye did not detail the nature of the flaw, but moved to dampen press speculation about the scale of the threat it posed. “Some known security experts were quoted saying that there is a high likelihood that this vulnerability can be exploited to run arbitrary code on the target systems. This is completely false,” an eEye security alert said.
The potential result of successful exploitation was “nothing more severe” than denial of service, it added. The flaw could not be exploited in a worm attack.