Careers & Certifications

06:20 PM
Connect Directly
RSS
E-Mail
50%
50%

New Windows Bugs "Critical," Lack Patches

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend.

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking.

The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched.

All currently-supported versions of Windows -- Windows NT, 2000, XP, and Windows Server 2003 -- are affected by the three flaws, said Venustech, the Chinese security firm that posted analysis on Bugtraq. Some impact Windows XP Service Pack 2 (SP2), some don't.

The LoadImage API vulnerability, for instance -- the latest in a series of image-related vulnerabilities that have hit Windows, Unix, and Linux -- affects Windows NT through Windows Server 2003. Whether Windows XP SP2 is at risk, however, isn't yet known.

This vulnerability could be exploited by attackers who entice users to a malicious Web site that includes a specially-crafted icon, cursor, animated cursor, or bitmap file, said Danish security firm Secunia in its alert. Alternately, the malicious image could be delivered via HTML e-mail. Users who view such messages or visit such sites could find their systems hijacked by hackers, who would be able to run their own code remotely on the PC.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
4
IT Certification's Top 10 Benefits
Global Knowledge, Global Knowledge,  8/20/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed