Microsoft Issues Windows Security Patches

The critical flaw is a buffer overrun flaw in a utility called the HTML Converter, which allows users to view, import or save files as HTML. The flaw affects conversion requests during the cut-and-paste operation. To exploit the vulnerability, an attacker would create a specially formed HTML e-mail and send it to the user, or host a malicious Web site that contains a page designed to exploit the vulnerability, and persuade the user to visit the site. Further information and a patch are available from the Microsoft Web site.

The other two security bulletins:

1) A flaw affecting the accessibility options on Windows 2000 designed to make systems more accessible to handicapped users, could allow attackers to elevate priveleges on affected systems. Microsoft rates the flaw as important. The attack cannot be exploited remotely, and the attacker would have to be able to interactively log on to the system. Further information and a patch are available from the Microsoft Web site.

2) A buffer overrun flaw in Windows NT Server 4.0, Windows NT Server 4.0, Terminal Server Edition, Windows 2000 and Windows XP Professional could allow attackers to cause data corruption, system failure or run the code of their choice on the target system. Microsoft rates the flaw as important. Further information and a patch are available from the Microsoft Web site.

id
unit-1659132512259
type
Sponsored post

This story courtesy of Techweb.com.