Microsoft Flaw Leaves Web Servers, Clients Open To Attack

The flaw is in a set of components called Microsoft Data Access Components (MDAC) that provide database connectivity on Windows platforms, Microsoft said. Specifically, it affects one of the components, Remote Data Services, which supports a client's request for services from a back-end database via a Web site.

The vulnerability could allow an attacker to run code of his choice on both Microsoft Web servers and Windows clients. Web servers are at risk if they have a vulnerable version of MDAC, while most Web clients are at risk because the component is included in all current versions of Internet Explorer, Microsoft said.

"Clearly, this vulnerability is very serious, and Microsoft recommends that all customers whose systems could be affected by them take appropriate action immediately," Microsoft said in its bulletin.

Microsoft has a patch available to fix the flaw. Information on the patch is available online at Microsoft's Web site.

Microsoft said Web server administrators should install the patch, disable MDAC and/or RDS, or upgrade to MDAC 2.7, which is not affected by the vulnerability. Web client users should install the patch immediately on any system used for Web browsing, the company said.