
Yet more Microsoft flaws

Windows XP, NT and 2000 vulnerability patched

Microsoft is patching up its software again, after it found four security vulnerabilities in several of its products – one of which was deemed "critical".

The most serious defect affects Windows XP, NT 4.0 and 2000. The problem is a buffer overrun flaw in the phone book of the RAS (remote access service) — a standard part of all three operating systems. This fault means an attacker could gain control over your PC or cause it to fail, according to Microsoft.

To carry out an attack, an attacker first has to change a RAS setting on the affected system, before connecting to the system using RAS. If the target system's settings restrict user access, it will not be at risk, Microsoft said.

More information on the RAS flaw can be found here.

The other problems are with Internet Information Server (IIS) 4.0 and 5.0, the web server components of Windows NT 4.0 and Windows 2000. An attacker could run arbitrary code on the system by exploiting a flaw in software that supports HTR scripting, an older and largely obsolete scripting language, Microsoft warned.

HTR has been part of IIS since version 2.0. It was never widely adopted because ASP (Active Server Pages), introduced in IIS 4.0, became popular before HTR use took off. Virtually the only use for HTR today is a web-based NT-password-managed service, Microsoft said, adding that it has long recommended that customers disable HTR functionality and convert any scripts that are still needed to ASP. The IIS Lockdown Tool offered by Microsoft disables HTR by default.

More information on this issue can be found here.

The final two vulnerabilities are in the SQLXML part of SQL Server 2000. SQLXML enables the transfer of XML (Extensible Markup Language) data to and from SQL Server 2000. The most serious of the flaws could allow an attacker to take over the machine running the database, Microsoft explained.

Microsoft's advice on this problem can be found here.

