Microsoft Patches Four More Security Flaws
Software giant issues new security bulletins, one regarding a critical flaw in some versions of Windows.
Joris Evers, IDG News Service
Microsoft issued three security bulletins late Wednesday, offering patches for four recently discovered security vulnerabilities in several of its products. One hole in Windows NT, Windows 2000, and Windows XP was rated "critical" by the vendor.
The hole deemed "critical" is a buffer overrun flaw in the phone book of the Remote Access Service, a standard part of Windows NT 4.0, Windows 2000, and Windows XP. An attacker could gain full control over the machine or cause it to fail, Microsoft says in its advisory.
To carry out an attack, an attacker first has to change a RAS setting on the affected system, before connecting to the system using RAS. If the target system's settings restrict user access, it will not be at risk, Microsoft says. RAS is used for dial-up connections.
More Concerns
Another bulletin addresses a flaw in Internet Information Server versions 4.0 and 5.0, the Web server components of Windows NT 4.0 and Windows 2000. An attacker could run arbitrary code on the system by exploiting a flaw in software that supports HTR scripting, an older and largely obsolete scripting language, Microsoft says.
HTR has been part of IIS since version 2.0. It was never widely adopted because Active Server Pages, or ASP, introduced in IIS 4.0, became popular before HTR use could take off. Virtually the only use for HTR today is a Web-based NT password managed service, Microsoft says, adding that it has long recommended that customers disable HTR functionality and convert any scripts they still need to ASP. The IIS Lockdown Tool offered by Microsoft disables HTR by default.
A third security bulletin addresses two vulnerabilities in the SQLXML part of SQL Server 2000. SQLXML enables the transfer of XML data to and from SQL Server 2000. The more serious of the two flaws could allow an attacker to take over the machine running the database, Microsoft says.
Pick Your Patch
More information on the RAS flaw can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-029.asp.
More information on the flaw in IIS versions 4.0 and 5.0 can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-028.asp.
More information on the SQLXML flaw can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-030.asp.