Microsoft Patches Critical Windows Me Flaw

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Microsoft has appended a 'critical' rating to a security patch issued for buffer overflows in its Windows Me Help and Support Center.

The Help and Support Center, which gives users a centralized facility to get assistance on a variety of topics, contains an unchecked buffer in the way it handles the hcp:// prefix in a URL link.

Microsoft warned that an attacker could dupe a user into clicking on the URL and then executing harmful code. The attack scenarios could be Web-based and via e-mail, the company warned.

It said the patch (available for download here), should be installed immediately to avoid a Web-based attack scenario where a vulnerable system would allow an attacker to read or launch files already present on the local machine.

In the case of an e-mail borne attack, if a users was not using Outlook Express 6.0 or Outlook 2002 as the default e-mail client, Microsoft said the attack could be triggered automatically without the user having to click on a URL contained in an e-mail.

The Windows Me Help Center provides product documentation and hardware compatibility assistance to Microsoft customers. It also gives users access to the Windows Update and online support from Microsoft.

Submit a Comment

Loading Comments...