Microsoft Patches IE, Windows Holes
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Microsoft Patches IE, Windows Holes

Written By
Dennis Fisher
Dennis Fisher
Aug 23, 2002
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft Corp. on Thursday released patches for a host of vulnerabilities in several of its products, including Internet Explorer, Windows NT, Windows 2000 and XP Professional.

The largest set of flaws is in IE, for which Microsoft released a new cumulative patch covering six new vulnerabilities as well as all previously discovered flaws.

Among the new flaws is a buffer overrun in an ActiveX control that is used to display specially formatted text in IE. The vulnerability could allow an attacker to run the code of his choice on the users machine.

Theres also a flaw in the way IE handles an HTML command that displays XML data. The directive should only allow data from the Web site itself to be displayed, but it does not check correctly for a referenced XML data source thats redirected to a different domain. An attacker could exploit this issue by using a Web page to open XML-based files on a remote system, according to Microsofts advisory.

The patch fixes four other vulnerabilities, including a buffer overrun in the Gopher protocol handler. This flaw has been known for some time, but no patch had been available.

The patch is here.

Microsoft also released a fix for a vulnerability in an ActiveX control in the Terminal Services Advanced Client. The control is designed to provide Terminal Services functionality in a Web browser.

There is a buffer overrun vulnerability in the code that processes one of the input parameters in the control. If an attacker called the control on a client system and overran the buffer, he could run code in the context of the logged-in user.

The patch for this flaw is available here.

There is also a buffer overrun in the Server Message Block protocol used to share files and network resources and communicate between machines using named pipes and mail slots. The protocol is vulnerable to a denial-of-service attack, which could be mounted by sending a carefully crafted request to a vulnerable server.

An attacker could use either a user account or anonymous access to mount the attack. The vulnerability affects Windows NT 4.0 Workstation and Server, 2000 Professional, Server and Advanced Server and XP Professional.

The patch is available here.

Related stories:
Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information