Careers & Certifications

06:20 PM
Connect Directly
RSS
E-Mail
50%
50%

New Windows Bugs "Critical," Lack Patches

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend.

The second bug, which is in Windows' ANI (animated cursor) files, could be used by an attacker to crash or freeze a Windows PC, said Venustech in its analysis. Windows XP SP2 is not vulnerable to this flaw, however.

But it is to the third, and last, of the trio, which revolves around how Windows parses help files. The bug can be exploited to create a buffer overflow, and thus give attackers control of the computer, if users open a maliciously-crafted help file posted on a site or sent to them via e-mail.

Secunia bundled the three bugs and labeled the group as a "highly critical" vulnerability, the second highest warning the firm uses. "Don't visit untrusted Web sites and don't open documents from untrusted sources," advised Secunia.

The SANS Institute's Internet Storm Center (ISC) gave similar stay-clear advice. "Try not to install help files until some Tuesday in, we hope, January," the center reported.

The ISC reference to Tuesday relates to Microsoft's practice of releasing patches on the second Tuesday of every month. The next scheduled security bulletin/patch day is Jan. 11, 2005.

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed