Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Microsoft Patches Four More Security Flaws
Software giant issues new security bulletins, one regarding a critical flaw in some versions of Windows.
Joris Evers, IDG News Service
Microsoft issued three security bulletins late Wednesday, offering patches for four recently discovered security vulnerabilities in several of its products. One hole in Windows NT, Windows 2000, and Windows XP was rated "critical" by the vendor.
The hole deemed "critical" is a buffer overrun flaw in the phone book of the Remote Access Service, a standard part of Windows NT 4.0, Windows 2000, and Windows XP. An attacker could gain full control over the machine or cause it to fail, Microsoft says in its advisory.
To carry out an attack, an attacker first has to change a RAS setting on the affected system, before connecting to the system using RAS. If the target system's settings restrict user access, it will not be at risk, Microsoft says. RAS is used for dial-up connections.
More Concerns
Another bulletin addresses a flaw in Internet Information Server versions 4.0 and 5.0, the Web server components of Windows NT 4.0 and Windows 2000. An attacker could run arbitrary code on the system by exploiting a flaw in software that supports HTR scripting, an older and largely obsolete scripting language, Microsoft says.
HTR has been part of IIS since version 2.0. It was never widely adopted because Active Server Pages, or ASP, introduced in IIS 4.0, became popular before HTR use could take off. Virtually the only use for HTR today is a Web-based NT password managed service, Microsoft says, adding that it has long recommended customers to disable HTR functionality and convert scripts that are needed to ASP. The IIS Lockdown Tool offered by Microsoft disables HTR by default.
A third security bulletin addresses two vulnerabilities in the SQLXML part of SQL Server 2000. SQLXML enables the transfer of XML data to and from SQL Server 2000. The most serious of the flaws could allow an attacker to take over the machine running the database, Microsoft says.
Pick Your Patch
More information on the RAS flaw can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-029.asp.
More information on the flaw in IIS versions 4.0 and 5.0 can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-028.asp.
More information on the SQLXML flaw can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-030.asp.
Microsoft Office Home and Student 2007
Top Selling Laptops
People who read this also read:
Office Suites
Office: Mac 2008 Home and StudentPrice: $100.89
Office 2007 Home and StudentPrice: $77.95
Office 2007 Professional (Academic)Price: $99.95
Office 2007 ProfessionalPrice: $135.00
Office 2007 Small BusinessPrice: $214.99
Office 2003 ProfessionalPrice: $100.00
-
Perfect Printing Solutions Find just the right All-in-One printer for you from HP. Visit the HP Resource Center.
-
Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...
