Feeds

MS Word, IIS/FrontPage, NetMeeting security warnings issued

Did we miss anything?

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Three MS security bulletins came down today, one dealing with a new exploit of an old hole; one original; and one involving yet another unchecked buffer.

First up the worst of the three: a hole in MS Word enabling an attacker to run a malicious macro against a user. In this case, a Word document can be modified so as to bypass the application's built-in macro checker. Macros run at the user's level of permission so attacks could involve any action the user is capable of taking.

Word 2002, Word 2000, Word 97, Word 98 (J), and Word 98/Word 2001 for Mac are affected.

Download the patches here.



Next up, an unchecked buffer in a FrontPage Server Extension which gives an attacker total control of the target machine. An optional component called Visual Studio RAD (Remote Application Deployment) support is at issue.

RAD allows Visual InterDev 6.0 users to register and un-register COM objects on an IIS 4.0 or 5.0 Server. Unfortunately it contains an unchecked buffer in a section that processes input information, MS explains.

Sending a malformed packet during a Web session with the target machine can result in system-level access. Fortunately, RAD support is not enabled by default, so not everyone with FPSE will be affected.

Download the patches here.



Finally, a new twist on a previously-patched issue in NetMeeting. A remote denial of service (DoS) vulnerability can be exploited when a malicious client sends a malformed string to a port on which the NetMeeting service is listening (with Remote Desktop Sharing enabled).

There's a flaw in NetMeeting which boosts CPU use to 100 per cent when the right string is sent, thereby overloading the target machine. NetMeeting Version 3.01 running on Windows 2000 or Windows NT 4.0 is affected. The first such hole was reported last October.

Get the patch dealing with both issues here. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.