We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Another day, another flaw

Microsoft patches critical Windows Me security hole

Users of Microsoft's Windows Me operating system risk having their files deleted by a hacker because of what the company called "a critical security vulnerability".

It has issued a patch for the Windows Me Help and Support Center where the URL (uniform resource locator) handler for the "hcp://" prefix, used to access the centre, contains an unchecked buffer.

An attacker could create a URL that executes his or her code on the user's computer and gives access to local files, which can then be added to, modified or deleted. The false URL could be placed on a web page or emailed to the intended victim, Microsoft said.

The severity of email attacks would depend on the email client being used. Outlook Express 6.0 or Outlook 2002 in the user's default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Mail Security Update, would stop automated attacks, but the user is still vulnerable if they click on the link in an email. If the user had another email client, the attack could be triggered automatically.

In order for an attacker to be successful they would have to lure users to their own website or send them an HTML (hypertext markup language) email. On a PC running Internet Explorer 6.0 Service Pack 1, the Help and Support Center function cannot be started automatically in Outlook Express or Outlook, Microsoft said.


IDG UK Sites

Microsoft Band UK release date and price rumours, features and specs: Microsoft smartwatch unveiled

IDG UK Sites

Why Sony's PS4 2.0 update is every gamer's dream (well, mine at least)

IDG UK Sites

This Grolsch ad combines stop-motion & CG for majestic results

IDG UK Sites

Apple rumours and predictions for 2015: What to expect from Apple in 2015