Microsoft Reveals 'Critical' Flaw in Software

Microsoft has disclosed a serious vulnerability affecting the Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003 operating systems. Users could unwittingly spread bad code to others unless they apply a patch to fix their software.
The software giant has termed the flaw "critical," which is the highest step on its four-step rating system.

Two other flaws were also disclosed yesterday that were deemed "important." The three warnings are numbers 23, 24 and 25 from Microsoft this year.

The critical flaw could allow a "buffer overrun," which Microsoft’s website describes as "an attack in which a malicious user exploits an unchecked buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash."

The buffer overrun, found in the HTML converter in the Windows operating system, was the most serious of the reported flaws. Hackers could exploit the vulnerability to spread malicious code through HTML in an e-mail or by developing a web page that causes the code to be automatically downloaded by visitors.

What makes the flaw particularly daunting is that it can be set in motion without the user doing anything to cause it. Microsoft posted a patch for the vulnerability on its website.

All of the Windows versions listed above contain the critical flaw, but it is less severe in Windows Server 2003, which has enhanced security built in.

"We certainly want everyone to apply the patch in order to protect their computers," Microsoft Security Response Center's Stephen Toulouse said on News.com. He said the company was not told of the problem, but rather learned about it when it was reported by several security mailing lists over the last month.

"We are disappointed that the finder chose not to bring that directly to us," Toulouse said. "As soon as we were made aware of that, we began our program to develop a fix as fast as we could."

The other two flaws revealed by Microsoft bulletins were called "important." One is a buffer overrun in Windows NT, Windows 2000 Server and Windows XP, and the other is a problem within Windows 2000's utility manager that could make it possible for a user to bolster his or her access to a system.
