HomeDeveloper

Microsoft Patches Trio of Vulnerabilities

Ryan Naraine
By Ryan Naraine

Microsoft has issued software patches for
three security vulnerabilities, including a flaw in Microsoft Outlook that could lead to the execution of harmful code.

The security fix for the widely deployed Outlook e-mail client, affects Microsoft Office XP Service Pack 2 and Microsoft Outlook 2002 Service Pack 2. Microsoft has tagged the vulnerability with an “important” rating.

In its latest monthly patch release for March, the software giant also fixed an information disclosure hole in the MSN Messenger client and a denial-of-service flaw in Windows Media Services. Both advisories carry a “moderate” rating.

According to the MS04-009 alert, Outlook 2002 could allow the Internet Explorer browser to execute script code in the Local Machine zone on an affected system.

“To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page,” the company warned

Microsoft said an attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. A successful exploit could give an attacker access to files on a user’s system or the ability to run arbitrary code in the security context of the currently logged-on user.

A separate advisory was issued to warn of a flaw in the MSN Messenger instant messaging product that could leak sensitive user information. Affected versions include MSN Messenger 6.0 and 6.1.

Microsoft said the vulnerability exists because of the method used by MSN Messenger to handle a file request. A successful exploit could let an attacker view the contents of a file on the hard drive without the user’s knowledge as long as the attacker knew the location of the file and the user had read access to the file.

To exploit this vulnerability, an attacker would have to know the sign-on name of the MSN Messenger user in order to send the request.

A third advisory comes with a patch for a flaw in Windows Media Services that could cause denial-of-service attacks. The vulnerability affects users running Microsoft Windows 2000 Server Service Pack 2, Service Pack 3, and Service Pack 4.

The bug exists because of the way that certain components of Windows Media Services handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. An affected server would need to be restarted to regain its functionality.

Ryan Naraine
Ryan Naraine
Previous article
IBM Buys Integration Middleware Play
Next article
Alliance Sets Blade Standards In Motion

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.