You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft owns up to latest Windows flaw

It's a day that ends in a 'y' - must be time for a security warning from Gates and Co...

By Robert Lemos

Published: 19 September 2002 10:00 GMT

Microsoft has issued a warning relating to two new critical flaws in its Windows operating system that could allow a malicious attacker to take control of a user's PC.

The critical flaws occur in the software giant's implementation of the Java Virtual Machine, which allows platform-independent programs to run on a PC.

"[The flaws] could enable an attacker to gain complete control over a user's system," stated the advisory. "This would enable the attacker to perform any operation that the user could, such as running applications; communicating with websites [and] adding, deleting or changing data."

An attacker could exploit the flaws by getting the victim to view a certain website with the code embedded in the page. HTML email could also be a danger, unless the recipient uses Outlook 2002, Outlook Express 6.0 or has installed the Outlook Email Security Update.

Those who used the Internet Explorer security settings to disable Java applets won't be affected by the vulnerabilities.

The first vulnerability is caused by a lack of vigilance of certain Java classes that handle database requests. While the classes do attempt to block illegal requests, the security measures can be bypassed, the advisory states.

A second flaw occurs in a Java class that's provided to support the use of XML via Java, but allows all programs - not just a select few - to use the methods.

Microsoft has a patch posted on its site and linked from the advisory. Windows users can also get the patch through Windows Update.

Robert Lemos writes for News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead

Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy


  • Jobs
Database Administrator (SQL server) DBA

Microsoft Outlook would be useful.This position requires some out of hours working if necessary as the systems run 24/7 and reliability is key.This ...

IT Trainer (Bilingual - French & English) - LONDON

You will be used to writing & designing your own training material & scheduling your own training classes. You will have materials & information ...

Support Coordinator Software House London

Training will be provided on all of the companies programs.Skills and experience:* 2 years in a customer service role in the UK* Excellent verbal and ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: