Microsoft Reveals 'Critical' Flaw in Software

Microsoft has disclosed a serious vulnerability in its Windows operating system that affects Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003. Users could unwittingly spread bad code to others unless they apply a patch to fix their software.
The software giant has termed the flaw "critical," which is the highest step on its four-step rating system.

Two other flaws were also disclosed yesterday that were deemed "important." The three warnings are numbers 23, 24 and 25 from Microsoft this year.

The critical flaw could allow a "buffer overrun," which Microsoft’s website describes as "an attack in which a malicious user exploits an unchecked buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash."

The buffer overrun, found in the HTML converter in the Windows operating system, was the most serious of the reported flaws. Hackers could manipulate the vulnerability to spread the code through HTML in an e-mail or by developing a web page that causes the code to be automatically downloaded by visitors.

What makes the flaw particularly daunting is that it can be set in motion without the user doing anything to cause it. Microsoft posted a patch for the vulnerability on its website.

All of the Windows versions listed above contain the critical flaw, but it is less severe in Windows Server 2003, which has enhanced security built in.

"We certainly want everyone to apply the patch in order to protect their computers," Microsoft Security Response Center's Stephen Toulouse said on News.com. He said the company was not told of the problem, but rather learned about it when it was reported by several security mailing lists over the last month.

"We are disappointed that the finder chose not to bring that directly to us," Toulouse said. "As soon as we were made aware of that, we began our program to develop a fix as fast as we could."

The other two flaws revealed in Microsoft bulletins were called "important." One is a buffer overrun in Windows NT, Windows 2000 Server and Windows XP. The other is a problem within Windows 2000's utility manager that could make it possible for a user to bolster his or her access to a system.
