Microsoft Warns of 'Important' Windows Flaw (again).. a little note of warning

Harkoliar · 05-12-2004, 08:40 AM

http://news.yahoo.com/news?tmpl=stor..._security_dc_3

SAN FRANCISCO (Reuters) - A flaw in Microsoft Corp.'s (Nasdaq:MSFT - news) almost universally used Windows operating system could allow hackers to take control of a PC by luring users to a malicious Web site and coaxing them into clicking on a link, the company warned on Tuesday

The world's largest software maker issued the warning as part of its monthly security bulletin, along with a patch to fix the problem.

The security warning was rated "important," the second most serious on Microsoft's four-tiered rating scale for computer security threats. The highest is "critical."

Anti-virus software company Symantec Corp. (Nasdaq:SYMC - news) called the vulnerability a "high risk" due to the impact the flaw could have if successfully exploited.

The security flaw affects the latest versions of Windows, including Windows XP (news - web sites), and software for networked computers such as Windows Server 2003, Microsoft said.

Vincent Gullotto, vice president of the anti-virus emergency response team at Network Associates Inc. (NYSE:NET - news), said he did not believe the vulnerability was a high risk but said computer users should retrieve security patches from Microsoft's Web site.

Stephen Toulouse, a manager at Microsoft's Security Response Center, said that while the vulnerability would not allow for the automatic spread of a virus in the way the recent Sasser worm spread across global networks, it could still have serious consequences.

"The net result of an attack would be for an attacker to be able to do anything you already do on your computer," he said.

To exploit the vulnerability, an attacker would have to host a Web site that contains a Web page used to exploit the vulnerability and then persuade the user to visit the Web site and perform several actions before the attacker could take over a computer, Toulouse said.

The fast-moving Sasser computer worm hit PC users running the ubiquitous Microsoft Windows 2000 (news - web sites), NT and XP operating systems a little over a week ago, afflicting computer users around the world by causing automatic reboots and slowing down Internet connections.

The suspected author of the Sasser worm was caught in Germany this past weekend.

Tuesday's security bulletin is the 15th issued so far this year by Microsoft, of which seven have identified "critical" flaws in its software. Redmond, Washington-based Microsoft issued 51 security bulletins in 2003.

Last year, Microsoft adopted a new monthly patch release program, which it said would let customers apply software fixes for security bugs more easily.

DBear · 05-13-2004, 12:28 AM

Moments like these are when I'm glad I only have Win98 [img]smile.gif[/img]

Bungleau · 05-13-2004, 11:00 AM

Yeah, but since IE 6 runs with Win98....

You've still gotta pay attention. Oh, look at that -- time to go download the latest Windows patches.

05-12-2004, 08:40 AM	#1
Harkoliar Jack Burton Join Date: March 21, 2001 Location: Philippines, but now Harbor City Sydney Age: 41 Posts: 5,556	http://news.yahoo.com/news?tmpl=stor..._security_dc_3 SAN FRANCISCO (Reuters) - A flaw in Microsoft Corp.'s (Nasdaq:MSFT - news) almost universally used Windows operating system could allow hackers to take control of a PC by luring users to a malicious Web site and coaxing them into clicking on a link, the company warned on Tuesday The world's largest software maker issued the warning as part of its monthly security bulletin, along with a patch to fix the problem. The security warning was rated "important," the second most serious on Microsoft's four-tiered rating scale for computer security threats. The highest is "critical." Anti-virus software company Symantec Corp. (Nasdaq:SYMC - news) called the vulnerability a "high risk" due to the impact the flaw could have if successfully exploited. The security flaw affects the latest versions of Windows, including Windows XP (news - web sites), and software for networked computers such as Windows Server 2003, Microsoft said. Vincent Gullotto, vice president of the anti-virus emergency response team at Network Associates Inc. (NYSE:NET - news), said he did not believe the vulnerability was a high risk but said computer users should retrieve security patches from Microsoft's Web site. Stephen Toulouse, a manager at Microsoft's Security Response Center, said that while the vulnerability would not allow for the automatic spread of a virus in the way the recent Sasser worm spread across global networks, it could still have serious consequences. "The net result of an attack would be for an attacker to be able to do anything you already do on your computer," he said. To exploit the vulnerability, an attacker would have to host a Web site that contains a Web page used to exploit the vulnerability and then persuade the user to visit the Web site and perform several actions before the attacker could take over a computer, Toulouse said. The fast-moving Sasser computer worm hit PC users running the ubiquitous Microsoft Windows 2000 (news - web sites), NT and XP operating systems a little over a week ago, afflicting computer users around the world by causing automatic reboots and slowing down Internet connections. The suspected author of the Sasser worm was caught in Germany this past weekend. Tuesday's security bulletin is the 15th issued so far this year by Microsoft, of which seven have identified "critical" flaws in its software. Redmond, Washington-based Microsoft issued 51 security bulletins in 2003. Last year, Microsoft adopted a new monthly patch release program, which it said would let customers apply software fixes for security bugs more easily. __________________ Catch me if you can..

05-13-2004, 12:28 AM	#2
DBear Drow Warrior Join Date: April 1, 2004 Location: trapped inside this octavarium Age: 57 Posts: 251	Moments like these are when I'm glad I only have Win98 [img]smile.gif[/img] __________________ <i>\"You have been sat here far too long for the good that you are doing. Depart, I say, and let us be done with you. In the name of God, go!\"</i>\"--Oliver Cromwell

05-13-2004, 11:00 AM	#3
Bungleau 40th Level Warrior Join Date: October 29, 2001 Location: Western Wilds of Michigan Posts: 11,752	Yeah, but since IE 6 runs with Win98.... You've still gotta pay attention. Oh, look at that -- time to go download the latest Windows patches. __________________ B Save Early, Save Often Save Before, Save After Two-Star General, Spelling Soldiers -+-+-+ Give 'em a hug one more time. It might be the last.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
VERY IMPORTANT NOTE to all Oblivion players	TheCrimsomBlade	Miscellaneous Games (RPG or not)	12	04-01-2006 01:26 PM
Note Important To Roleplayers in The One Eyed Wolf	TheGrandSlayer	Ironworks Online Roleplaying	0	12-14-2002 09:10 AM
Microsoft Discloses Software Flaw	RudeDawg	General Conversation Archives (11/2000 - 01/2005)	4	06-14-2002 03:02 AM
important note on one spell	realbinky	Wizards & Warriors Forum	9	05-24-2001 08:43 PM
Important note, please read	Moggl	Baldurs Gate & Tales of the Sword Coast	0	06-29-2000 10:13 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)