WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Microsoft Patches Eight Software Holes
Security holes, two of which are serious, involve the virtual machine used to run Java apps on Windows.
Joris Evers, IDG News Service
A serious security flaw in Microsoft's virtual machine found on most Windows PCs could allow an attacker to take over a user's system, Microsoft warned late Wednesday. A fixed version of the software is available.
Microsoft's VM is used for running Java applications on Windows PCs and comes with most Windows and Internet Explorer versions. All builds up to and including build 5.0.3805 are affected by eight security flaws, six of which pose a "low" or "moderate" risk to users, Microsoft said in security bulletin MS02-069.
Two vulnerabilities, however, are serious. Exploiting a "critical" flaw in a security feature of the VM could allow an attacker to gain control over a user's system, while another "important" flaw could be exploited to trick the VM into giving an attacker read access to files on a user's PC and network drives, Microsoft said.
Rating System
Under Microsoft's security rating system, changed last month, critical vulnerabilities are those that could be exploited to allow malicious Internet worms to spread without user action. Important are those vulnerabilities that could expose user data or threaten system resources.
An attacker could exploit the VM flaws by luring a user to an especially coded Web page or sending that page via HTML e-mail, Microsoft said. The Redmond, Washington, company urges users to upgrade to VM build 3809, which is available from the Windows Update Web site.
Users can check if and what version of Microsoft's VM is installed by opening a command box and entering "jview." VM is installed when a program runs. The version number appears in the topmost line.
Windows Warnings
Also on Wednesday, Microsoft issued two other security bulletins warning of issues with various Windows versions.
Deemed "important" is a privilege elevation vulnerability in Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. A malicious user could gain administrative privileges on a system by exploiting the flaw which lies in a Windows function, Microsoft said in security bulletin MS02-071.
A third Microsoft bulletin, MS02-070, details a "moderate" risk vulnerability in Windows 2000 and Windows XP without Service Pack 1 installed. An attacker could change group policy data received by client systems by silently disabling the signing of Server Message Block packets, Microsoft said.
- Sponsored Resource:Improve your network with the right mix of features, performance and pricing.
- Sponsored Resource:Growing your business requires the right tools. Dell's networking servers can help.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Twitter: A how-to guide for using Twitter as a business tool.
- Sponsored Resource:Smartphone security threats are on the rise. Is it time to safegaurd your device?
Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.
Laptop Showcase
People who read this also read:
Best Prices on Security Software
Norton Internet Security 2009 - 1 User/3 PCPrice: $20.53
Norton Internet Security 2009 - 1 User/1 PCPrice: $15.95
Internet Security 2009Price: $15.99
Norton 360Price: $25.00
Norton Internet Security 2009 - 1 User/3 PC, Small BoxPrice: $20.45
Internet Security 2009Price: $24.95
-
Cisco Small Business Center Find out how to keep employees mobile, connected and productive with secure wireless networking.
-
Dell Servers for Small Business Click here to see how a Dell server can help you back up your company's data and save you valuable time.
