This story was printed from ZDNet Australia.

New vulnerabilities in Microsoft software

By Michael Kanellos, CNET News.com
March 10, 2004
URL: http://www.zdnet.com.au/news/security/soa/New-vulnerabilities-in-Microsoft-software/0,130061744,139116506,00.htm


Microsoft has revealed three new vulnerabilities in its software, including the first to affect MSN Messenger 6.0, and it is urging customers to patch their systems now.

Two of the vulnerabilities are considered medium-level risks while the third presents a medium- to low-level risk, according to security software specialist Symantec and others. Three separate patches to repair the flaws have been released and are available for download. The identification of the vulnerabilities is part of Microsoft's regular security bulletin process.

The three flaws affect different pieces of software. The first vulnerability affects MSN Messenger 6.0 and MSN Messenger 6.1 and will allow attackers to view contents of a victim's hard drive during a chat session with the victim.

Attackers "could view files through MSN Messenger on their computer," said Stephen Toulouse, security program manager for the Microsoft Security Response Center. "They can do it, and you are not necessarily aware of what they are doing."

Users who do not block anonymous callers are most vulnerable to the exploit. If anonymous callers are blocked, the attacker has to be identified on the victim's address list. To obtain particular information, such as credit card numbers, attackers have to troll the hard drive, said Toulouse. However, they can continue to comb the drive as long as the chat session lasts.

The second medium-level risk potentially allows a hacker to take over a system by executing Internet Explorer code through a flaw in Outlook 2002.

A computer has to be configured in a particular manner, though, said Toulouse. The user has to set "Outlook Today" as their Outlook home page.

"If you go to Outlook through your in-box, you are protected," he said.

The third flaw allows attackers to instigate a denial-of-service attack against servers running Windows Media Services 4.1. The vulnerability exists due to the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If an attacker sent a particular sequence of packets to a server running Media Services 4.1, it could interrupt any video streams.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.