Microsoft Reveals 'Critical' Flaw in Software

Microsoft has disclosed a serious vulnerability affecting its Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003 operating systems. Users could unwittingly spread bad code to others unless they apply a patch to fix their software.
The software giant has termed the flaw "critical," which is the highest step on its four-step rating system.

Two other flaws were also disclosed yesterday that were deemed "important." The three warnings are numbers 23, 24 and 25 from Microsoft this year.

The critical flaw could allow a "buffer overrun," which Microsoft’s website describes as "an attack in which a malicious user exploits an unchecked buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash."

The buffer overrun, found in the HTML converter in the Windows operating system, was the most serious of the reported flaws. Hackers could exploit the vulnerability to spread malicious code through HTML in an e-mail or by developing a web page that causes the code to be automatically downloaded by visitors.

What makes the flaw particularly daunting is that it can be set in motion without the user doing anything to cause it. Microsoft posted a patch for the vulnerability on its website.

All of the Windows versions listed above contain the critical flaw, but it is less severe in Windows Server 2003, which has enhanced security built in.

"We certainly want everyone to apply the patch in order to protect their computers," Microsoft Security Response Center's Stephen Toulouse said on News.com. He said the company was not told of the problem, but rather learned about it when it was reported by several security mailing lists over the last month.

"We are disappointed that the finder chose not to bring that directly to us," Toulouse said. "As soon as we were made aware of that, we began our program to develop a fix as fast as we could."

The other two flaws revealed in Microsoft bulletins were called "important." One is a buffer overrun in Windows NT, Windows 2000 Server and Windows XP; the other is a problem within Windows 2000's Utility Manager that could make it possible for a user to bolster his or her access to a system.
