New Critical Security flaw found in MS operating systems!

Question

New Critical Security flaw found in Microsoft Windows operating systems!

Answer

This question was answered on July 11, 2003. Much of the information contained herein may have changed since posting.

Most users of Microsoft OS's are affected by this vulnerability and should update their systems to patch this flaw immediately.

All versions of Microsoft Windows contain support for HTML conversion within the operating system. This functionality allows users to view, import, or save files as HTML. There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action.

Microsoft encourages all customers to review the Security Bulletins to keep optimal security. The risk is considered ‘critical’ which is the highest security breach they have. The vulnerability allows the attacker to execute code of his or her choice after the victim is enticed to go to a specific web site.

An attacker could then host this malicious web page on a web site, or could send a link to the user via e-mail. The vulnerability themselves provide no way to force a user to a web site.

Download locations for this patch:

The patches for all Windows systems are available via:

Windows Update

The complete technical details are posted at the Microsoft web site:

<a href="http://www.microsoft.com/technet/security/bulletin/MS03-023.asp"> http://www.microsoft.com/technet/security/bulletin/MS03-023.asp</a>

Author

Posted by Michal of Data Doctors on July 11, 2003