More flaws threaten Windows
Published: 13 Jun 2002 14:15 BST
Microsoft posted three advisories on its Web site on Wednesday detailing several recently discovered flaws, one of which was deemed critical for Windows NT and 2000 servers.
The software giant dubbed "critical" a buffer overflow in its remote access service (RAS) software, which is a native element in the Windows NT 4.0, Windows 2000 and Windows XP ooperating systems. The security hole could allow an intruder to run any code, the advisory stated.
"An attacker who successfully exploited this vulnerability could gain complete control over the machine, thereby gaining the ability to take any desired action," said the advisory.
Another release detailed two flaws in the way Microsoft SQL Server handles the XML data exchange format, and a third release warned that Web servers with HTR scripting turned on are also in danger. HTR is an older, obsolete type of scripting now replaced by active server pages.
The new advisories point to the latest of a number of flaws Microsoft has identified in recent months, at the same time that it's been running a high-profile campaign to stamp out such problems.
In January, chairman Bill Gates signaled a new direction for the company in an e-mail to all his employees, asking them to help make Microsoft's software "trustworthy." The company has been toiling to button up its products and exterminate critical bugs, but seems to still have its work cut out for it.
The three advisories bring Microsoft's total for the year to 30, detailing nearly 40 flaws.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
38 out of 95 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
