Microsoft Patches Flaw in Windows Me | eWeek

Microsoft Patches Flaw in Windows Me

Verfasst von
Dennis Fisher
Dennis Fisher
Feb 26, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Microsoft Corp. on Wednesday issued a patch for a new critical vulnerability in Windows Me that gives attackers the ability to execute code on remote machines.

The vulnerability is the result of a buffer overrun in the Help and Support Center in Windows Me. Specifically, the problem lies in the URL handler for the “hcp://” prefix, which is used to execute URL links to the Help and Support Center.

In order to exploit the flaw, an attacker would need to create a URL that would execute the attackers code when the user clicked on it. The attacker could either host the URL on a Web site or send it to a user in e-mail.

In the Web-based attack, if the user clicked on the URL, the attacker would then be able to read or open files on the users machine. If the URL was sent via e-mail, the scenario is a bit more complicated. Users running Outlook 2002 or Outlook Express 6.0 in their default configurations or Outlook 98 or 2000 with the Outlook Email Security Update installed would still need to click on the link in order to launch the attack.

However, users not running one of the above configurations would be vulnerable to an automated attack that would launch as soon as they opened the malicious e-mail, according to Microsofts advisory.

The patch for this vulnerability is available here.

Most recent security stories:

Search for more stories about Microsoft.
Search for more stories by Dennis Fisher.
Find white papers on security.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.