Yet another Microsoft flaw ‘could affect millions’
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Microsoft has disclosed a serious flaw in its web server, Internet browser and most versions of its operating systems that could affect millions of customers.
The US software giant yesterday urged users of its Internet Information Server web server, Internet Explorer browser versions 5.01, 5.5 and 6.0 and Windows 2000, Millennium, 98 and 95 operating systems to immediately download a software patch from its web site. Windows XP, its newest operating system, is not affected by the flaw.
The vulnerability, discovered by Californian security company Foundstone, could allow an attacker to take over a web server, spread an email virus, create a fast-spreading network 'worm' or even format a hard drive.
It affects versions 2.1, 2.5 and 2.6 of the Microsoft Data Access Components (MDAC), a collection of components that provide database access for Windows platforms. It involves an 'unchecked buffer' in the Remote Data Services component of MDAC.
Microsoft rated the flaw as 'critical' - the most urgent of its new security categories, above 'important', 'moderate' and 'low'.
"There are millions of systems and clients that will be affected by this," said George Kurtz, Foundstone's CEO. "This is huge."
Foundstone discovered the vulnerability in August 2002 and disclosed the information to Microsoft at the time, he added.
Customers are advised to review the appropriate security bulletin, MS02-065, on Microsoft's web site and then download and install the software patch.
