News

Critical Flaw Affects All Supported Versions of Windows

Microsoft late Wednesday alerted customers to a critical flaw affecting all versions of Windows since Windows NT 4.0 and Windows 98.

The problem in the Windows Script Engine could allow attackers to run code of their choice on the systems of users who visited a malicious Web page or opened a malformed HTML e-mail.

A patch was available with the security bulletin at www.microsoft.com/technet/security/bulletin/MS03-008.asp. Affected platforms include Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. Windows 95 is no longer supported so the platform was not tested for vulnerability to the issue.

Microsoft considered the vulnerability so severe that it provided temporary workarounds for customers to use while they evaluated and tested the patch for deployment.

Workarounds were turning off Active Scripting support in Internet Explorer, installing the Outlook E-mail Security Update and restricting Web sites to Trusted Sites. "It should be noted that these workarounds should be considered temporary measures as they simply help block paths of attack rather than correcting the underlying vulnerability," the Microsoft bulletin asserted.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Previews Microsoft Teams for Linux

    Microsoft on Tuesday announced a "limited preview" release of Microsoft Teams for certain Linux desktop operating systems.

  • Hyper-V Architecture: Some Clarifications

    Brien answers two thought-provoking reader questions. First, do Hyper-V VMs have direct hardware access? And second, how is it possible to monitor VM resource consumption from the host operating system?

  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.