We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Yet more Microsoft flaws

Windows XP, NT and 2000 vulnerability patched

Microsoft is patching up its software again, after it found four security vulnerabilities in several of its products – one of which was deemed "critical".

The most serious defect affects Windows XP, NT 4.0 and 2000. The problem is a buffer overrun flaw in the phone book of the RAS (remote access service) — a standard part of all three operating systems. This fault means an attacker could gain control over your PC or cause it to fail, according to Microsoft.

To carry out an attack, an attacker first has to change a RAS setting on the affected system, before connecting to the system using RAS. If the target system's settings restrict user access, it will not be at risk, Microsoft said.

More information on the RAS flaw can be found here.

The other problems are with Internet Information Server (IIS) 4.0 and 5.0, the web server components of Windows NT 4.0 and Windows 2000. An attacker could run arbitrary code on the system by exploiting a flaw in software that supports HTR scripting, an older and largely obsolete scripting language, Microsoft warned.

HTR has been part of IIS since version 2.0. It was never widely adopted because ASP (Active Server Pages), introduced in IIS 4.0, became popular before HTR use took off. Virtually the only use for HTR today is a web-based NT-password-managed service, Microsoft said, adding that it has long recommended customers to disable HTR functionality and convert scripts that are needed to ASP. The IIS Lockdown Tool offered by Microsoft disables HTR by default.

More information on this issue can be found here.

The final two vulnerabilities are in the SQLXML part of SQL Server 2000. SQLXML enables the transfer of XML (Extensible Markup Language) data to and from SQL Server 2000. The most serious of the flaws could allow an attacker to take over the machine running the database, Microsoft explained.

Microsoft's advice on this problem can be found here.


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model