Feeds

Poison applet could wipe Windows PCs

A brace of MS alerts

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

A brace of Microsoft security vulns pose risks for both home users and corporates.

The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me.

Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert.

Well if that doesn't get consumers patching, what will?

The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

Java applets are disabled within the Restricted Sites Zone, which reduces the risk if you're using a hardened version of Microsoft's email clients. That still leaves other infection routes for Windows users. No surprise then that Microsoft describes the flaw as critical.

An alert on the problem, which links to patches, can be found here.

Separately, Microsoft yesterday released patches designed to fix denial of service vulnerabilities involving Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000. Both issues are covered in the same alert.

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA Server 2000 are subject to similar flaws, bot covered in the same alert. The upshot of both vulnerabilities is that internal ne'er do wells can send malformed packets that could cause servers to hang.

Patches, described by Microsoft as important, can be found be following links on the advisory here. ®

Internet Security Threat Report 2014

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.