Microsoft Reveals 'Critical' Flaw in Software

Microsoft has disclosed a serious vulnerability in its Windows operating system that affects Windows XP, Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003. Unless users apply the patch that fixes their software, they could unwittingly spread malicious code to others.
The software giant has rated the flaw "critical," the highest of the four levels in its rating system.

Two other flaws were also disclosed yesterday that were deemed "important." The three warnings are numbers 23, 24 and 25 from Microsoft this year.

The critical flaw could allow a "buffer overrun," which Microsoft’s website describes as "an attack in which a malicious user exploits an unchecked buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash."

The buffer overrun, found in the HTML converter in the Windows operating system, was the most serious of the reported flaws. Attackers could exploit the vulnerability to deliver malicious code through HTML in an e-mail or by building a web page that causes the code to be downloaded automatically by visitors.

What makes the flaw particularly daunting is that it can be triggered without the user doing anything to cause it. Microsoft has posted a patch for the vulnerability on its website.

All of the Windows versions listed above contain the critical flaw, but it is less severe in Windows Server 2003, which has enhanced security built in.

"We certainly want everyone to apply the patch in order to protect their computers," Stephen Toulouse of the Microsoft Security Response Center told News.com. He said the company was not told of the problem directly, but instead learned about it when it was reported on several security mailing lists over the last month.

"We are disappointed that the finder chose not to bring that directly to us," Toulouse said. "As soon as we were made aware of that, we began our program to develop a fix as fast as we could."

The other two flaws revealed by Microsoft's bulletins were rated "important." One is a buffer overrun in Windows NT, Windows 2000 Server and Windows XP; the other is a problem in Windows 2000's Utility Manager that could allow a user to elevate his or her access to a system.
