News

Critical Vulnerability Affects Most Windows Systems

Microsoft warned users late Wednesday of a critical new vulnerability involving the Microsoft Data Access Components, a ubiquitous technology present on most Windows systems. Especially vulnerable are Web servers in the middle of three-tier architectures with a SQL Server database at the back end and most Internet Explorer users.

Microsoft also issued an unrelated cumulative patch for Internet Explorer.

The critical vulnerability is a buffer overrun involving Remote Data Services (RDS), a component of MDAC. Microsoft describes MDAC as providing underlying functionality for a number of database operations. An unchecked buffer in a function called the RDS Data Stub permits an attacker to use a specially malformed HTTP request to cause a heap overrun. A sophisticated attack could result in the attacker to execute code on the target machine.

"Web server administrators should either install the patch, disable MDAC and/or RDS, or upgrade to MDAC 2.7, which is not affected by the vulnerability. Web client users should install the patch immediately on any system that is used for Web browsing," Microsoft's bulletin warns.

What makes the vulnerability especially serious for Internet Explorer is that the RDS Data Stub is included with all current versions of IE and there is no option to disable it. To exploit the vulnerability, an attacker would need to lure a user to a Web page that would send an HTTP reply to the user that would overrun the buffer.

A patch is available at www.microsoft.com/technet/security/bulletin/ms02-065.asp.

The separate cumulative Internet Explorer patch fixes six newly discovered vulnerabilities. It can be found at www.microsoft.com/technet/security/bulletin/ms02-066.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • SharePoint Framework 1.8 Now Generally Available

    Microsoft this week announced that SharePoint Framework 1.8 had reached "general availability" status, although some features are still at the preview stage.

  • How To Create Office 365 User Accounts in Bulk

    Manual account creation can be tedious, time-consuming and prone to human error, especially if you have more than a handful of Office 365 users to set up. Brien shows you a better way.

  • System Center 2019 Reaches General Availability

    System Center 2019 has now reached the "general availability" product stage, Microsoft indicated in a Thursday update.

  • SharePoint Online Users Getting News Improvements This Month

    Microsoft plans to roll out new capabilities for SharePoint Online users this month that will add greater control over how News articles appear in SharePoint sites, according to a Wednesday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.