News

Microsoft Fixes IE, NT Bugs

Microsoft released one patch to block an exploit that allows a Web site operator to view files on visiting users' computers and another patch to fix a bug that can cause a Windows NT machine to stop responding to service requests without appearing to crash.

The Web vulnerability is found in Internet Explorer versions 4.01, 5, and 5.01. To access a file on a Web site visitors' machine, a malicious Web site operator must know the name and location of the file. The exploit takes advantage of timing conditions to bypass Internet Explorer security restrictions when it executes a server-side redirect from a client window the Web server is permitted to view to a client-local file it is not supposed to be able to access. The patch is available at http://www.microsoft.com/windows/ie/security/servredir.asp.

The other attack, which comes in the form of a malformed argument supplied to a resource enumeration request, causes a cascade of failures that leave the system running but not in service. The Windows NT Service Control Manager fails first, causing named pipes to fail, which then prevent many other types of system services from operating. The situation requires a reboot.

Microsoft offers a few workarounds including blocking NetBios requests at the firewall and disabling anonymous logons for null sessions to submit enumeration requests.

The x86 patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16382. The Alpha patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16383. Microsoft is working on a patch for Windows NT 4.0, Terminal Server Edition. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus