MS Patches Trio of Windows Flaws
Latest News
SHARE
Facebook X Pinterest WhatsApp

MS Patches Trio of Windows Flaws

Written By
Dennis Fisher
Dennis Fisher
Jul 9, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft Corp. on Wednesday issued patches for three flaws in various versions of Windows, two of which give attackers the ability to run whatever code they wish on vulnerable machines.

The most serious of the vulnerabilities affects all currently supported versions of Windows, from Windows 98 up through Windows Server 2003. The problem lies in the HTML converter, which allows users to handle HTML files. A vulnerability results from the way the converter handles conversion requests during cut-and-paste operations.

An attacker who could create a special conversion request could cause the converter to fail in a way that enables the attacker to execute code on the users machine. The code would run with the users privileges. The patch for this flaw is here.

The second vulnerability affects Windows NT 4.0, Windows 2000 and XP Professional and results from a buffer overrun in a portion of the operating system that handles Server Message Block requests. When the Windows server receives SMB packets, it fails to validate the length of the buffer established by the packet. As a result, an attacker could use a malicious SMB request to overrun the buffer, which would cause one of three things to happen: data corruption, a system failure or code execution.

However, in order to exploit this flaw, the attacker would need to be authenticated to the server. The patch for this issue is located here.

The third flaw affects only Windows 2000 and results because the Windows Utility Manager handles some messages incorrectly. The control that provides the list of accessibility options to the user doesnt validate Windows messages sent to it. This allows one interactive process to use a specific message to cause the Utility Manager to execute a callback function to the address of its choice.

Because the Utility Manager runs at a higher privilege level, this would allow the inferior process with a way to use the Utility Managers privilege set. An attacker able to exploit this would have complete control over the compromised system, Microsoft said in its bulletin. But, this flaw cannot be exploited remotely.

The patch for this vulnerability is here.
Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information