News

Critical Vulnerability Affects Most Windows Systems

Microsoft warned users late Wednesday of a critical new vulnerability involving the Microsoft Data Access Components, a ubiquitous technology present on most Windows systems. Especially vulnerable are Web servers in the middle of three-tier architectures with a SQL Server database at the back end and most Internet Explorer users.

Microsoft also issued an unrelated cumulative patch for Internet Explorer.

The critical vulnerability is a buffer overrun involving Remote Data Services (RDS), a component of MDAC. Microsoft describes MDAC as providing underlying functionality for a number of database operations. An unchecked buffer in a function called the RDS Data Stub permits an attacker to use a specially malformed HTTP request to cause a heap overrun. A sophisticated attack could result in the attacker to execute code on the target machine.

"Web server administrators should either install the patch, disable MDAC and/or RDS, or upgrade to MDAC 2.7, which is not affected by the vulnerability. Web client users should install the patch immediately on any system that is used for Web browsing," Microsoft's bulletin warns.

What makes the vulnerability especially serious for Internet Explorer is that the RDS Data Stub is included with all current versions of IE and there is no option to disable it. To exploit the vulnerability, an attacker would need to lure a user to a Web page that would send an HTTP reply to the user that would overrun the buffer.

A patch is available at www.microsoft.com/technet/security/bulletin/ms02-065.asp.

The separate cumulative Internet Explorer patch fixes six newly discovered vulnerabilities. It can be found at www.microsoft.com/technet/security/bulletin/ms02-066.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.