News

Microsoft Fixes IE, NT Bugs

Microsoft released one patch to block an exploit that allows a Web site operator to view files on visiting users' computers and another patch to fix a bug that can cause a Windows NT machine to stop responding to service requests without appearing to crash.

The Web vulnerability is found in Internet Explorer versions 4.01, 5, and 5.01. To access a file on a Web site visitors' machine, a malicious Web site operator must know the name and location of the file. The exploit takes advantage of timing conditions to bypass Internet Explorer security restrictions when it executes a server-side redirect from a client window the Web server is permitted to view to a client-local file it is not supposed to be able to access. The patch is available at http://www.microsoft.com/windows/ie/security/servredir.asp.

The other attack, which comes in the form of a malformed argument supplied to a resource enumeration request, causes a cascade of failures that leave the system running but not in service. The Windows NT Service Control Manager fails first, causing named pipes to fail, which then prevent many other types of system services from operating. The situation requires a reboot.

Microsoft offers a few workarounds including blocking NetBios requests at the firewall and disabling anonymous logons for null sessions to submit enumeration requests.

The x86 patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16382. The Alpha patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16383. Microsoft is working on a patch for Windows NT 4.0, Terminal Server Edition. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.