Print
Discuss
Send to friend
RSS feedsMicrosoft is warning of yet another critical flaw which could give hackers "complete control" over computers running one of several versions of its operating system.
The software giant confirmed that the flaw affects Microsoft Windows NT 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, XP and Server 2003. Systems administrators should apply the update immediately, Microsoft said.
The security vulnerability exists in the Microsoft Abstract Syntax Notation 1 (ASN.1) Library, deep within the system code.
Microsoft said an attacker using a buffer overflow to exploit the vulnerability could execute code with system privileges on an affected system.
"The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges," the company warned.
But Microsoft said in the most likely exploitable scenario, an attacker would have to have direct access to the user's network.
Server systems are at greater risk than client computers because they are more likely to have a server process running that decodes ASN.1 data.
ASN.1 is a data standard used by many applications to allow the understanding of data across various platforms.
Although Microsoft has known about the flaw since last July, it claims that the breadth of systems affected has caused the long delay before a one-patch-fixes-all release could be issued.
Microsoft has come under fire for weaknesses in its software. Only last week it issued an emergency fix for Internet Explorer, fixing a flaw exploited by hackers to imitate websites in so-called 'phishing' attacks for users' personal details.
Click here for full details of the patch update.
See also:
All Hacking
del.icio.us
Digg this
reddit!
