Microsoft security vulnerabilities
Microsoft security vulnerabilities
Microsoft has announced new security faults in Windows and Internet Explorer, which could take complete control of a computer, allowing hackers to install new software, wipe hard drives and take over files.
The main fault lies in the Microsoft Windows Abstract Syntax Notation (ASN), which uses language to understand the syntax of data messages between applications and computers.
If there is a problem with the ASN library, this will affect the operating system's security subsystems, which include Kerberos and NTLM authentication. This will in term affect the security capabilities for email and Microsoft's Internet Explorer browsers.
Microsoft have said that they cannot work around this fault, and the only way to fix this issue is to install the fix, available through the Windows Update service. Windows NT 4.0, Windows 200, Windows XP, and Windows Server 2003 are all affected and must be meanded.
Executives at eEye Digital Security said: "These flaws can be detected and exploited remotely, and have the potential to cause serious damage if not immediately remediated. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to an attack."
Other vulnerabilities include problems in Internet Explorer's browser security model - its URL can be hijacked and used as a spoof address, leading to deceitful web sites being created under legitimate URLs. The drag-an-drop operations are open to corruption too.
Internet Explorer versions 5.01 are affected by this and should be fixed as soon as possible too.
Windows NT, Windows 2000 and Windows Server 2003 also have a problem with how Windows' Internet Naming Service validates data packets. Hackers are able to bring down the WINS server.
But these can also be fixed via downloads from Windows Update.
However, the ASN is the biggest threat. March Maiffret, the chief hacking officer at eEye said: "These are potentially catastrophic vulnerabilities. It's imperative that organisations immediately apply the appropriate patches to ensure their systems are secure."
Related Article: