Microsoft Warns on Windows, IE Flaws IE 5, 5.5 Users at Risk Ed Sutherland
Microsoft is warning Windows and Internet Explorer users to take steps to prevent two security exploits. The two advisories affect Microsoft Windows Millennium and Internet Explorer 5.
Users of Internet Explorer 5.0 and Internet Explorer 5.5 on Windows Millennium Edition and Windows 2000 face possible attacks from misuse of Windows Metafile graphic images to take control of computers.
According to the advisory, this vulnerability could allow an attacker to execute arbitrary code on the user's system.
Still bruised by previous WMF security flaws, the Redmond, Wash.-based Microsoft emphasized the current WMF exploit is different from the problem patched last month.
Unlike last month's spyware concerns, this flaw requires some action by users, such as opening an e-mail attachment or clicking a link that takes them to a malicious Web site. The immediate cure: installing Internet Explorer 6 Service Pack 1.
Microsoft also is addressing security trouble permitting a privilege security vulnerability created by some third-party software.
The flaw, first reported to the Redmond software giant by two Princeton University researchers, could allow access controls to be changed, permitting someone with low security to issue commands normally reserved for the
computer's owner.
The problem is present in Windows XP or Windows Server 2003 computers that have not upgraded to the latest service packs. Alternately, permissions for the four affected default Windows XP and Windows Server 2003 components can manually be set.
Microsoft is not aware of any attacks employing the Princeton "proof-of-concept" security concern, according to the software maker.
Two of the four Windows services would need to be run while in privileged mode, while others are vulnerable when operated in Windows XP Service Pack 1, according to the company's advisory.
