Microsoft Warns on Windows, IE Flaws
Redmond urges users upgrade IE and Windows Service Packs.
Users of Internet Explorer 5.0 and Internet Explorer 5.5 on Windows Millennium Edition and Windows 2000 face possible attacks from misuse of Windows Metafile graphic images to take control of computers.
According to the advisory, this vulnerability could allow an attacker to execute arbitrary code on the user's system.
Still bruised by previous WMF security flaws, the Redmond, Wash.-based Microsoft emphasized the current WMF exploit is different from the problem patched last month.
Unlike last month's spyware concerns, this flaw requires some action by users, such as opening an e-mail attachment or clicking a link that takes them to a malicious Web site. The immediate cure: installing Internet Explorer 6 Service Pack 1.
Microsoft also is addressing security trouble permitting a privilege security vulnerability created by some third-party software.
The flaw, first reported to the Redmond software giant by two Princeton University researchers, could allow access controls to be changed, permitting someone with low security to issue commands normally reserved for the computer's owner.
The problem is present in Windows XP or Windows Server 2003 computers that have not upgraded to the latest service packs. Alternately, permissions for the four affected default Windows XP and Windows Server 2003 components can manually be set.