
MS Word, IIS/FrontPage, NetMeeting security warnings issued


Three MS security bulletins came down today: one dealing with a new exploit of an old hole, one original, and one involving yet another unchecked buffer.

First up, the worst of the three: a hole in MS Word enabling an attacker to run a malicious macro against a user. In this case, a Word document can be modified so as to bypass the application's built-in macro checker. Macros run at the user's level of permission, so attacks could involve any action the user is capable of taking.

Word 2002, Word 2000, Word 97, Word 98 (J), and Word 98/Word 2001 for Mac are affected.

Download the patches here.



Next up, an unchecked buffer in a FrontPage Server Extension which gives an attacker total control of the target machine. An optional component called Visual Studio RAD (Remote Application Deployment) support is at issue.

RAD allows Visual InterDev 6.0 users to register and un-register COM objects on an IIS 4.0 or 5.0 Server. Unfortunately it contains an unchecked buffer in a section that processes input information, MS explains.

Sending a malformed packet during a Web session with the target machine can result in system-level access. Fortunately, RAD support is not enabled by default, so not everyone with FPSE will be affected.

Download the patches here.



Finally, a new twist on a previously-patched issue in NetMeeting. A remote denial of service (DoS) vulnerability can be exploited when a malicious client sends a malformed string to a port on which the NetMeeting service is listening (with Remote Desktop Sharing enabled).

There's a flaw in NetMeeting which boosts CPU use to 100 per cent when the right string is sent, thereby overloading the target machine. NetMeeting Version 3.01 running on Windows 2000 or Windows NT 4.0 is affected. The first such hole was reported last October.

Get the patch dealing with both issues here. ®
