Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3461
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Another Microsoft Bug Revealed on Huge Patch Day (".wri" extension)  (Read 2618 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

The company said it has seen limited, targeted attacks. If exploited, a hacker could gain the same rights on a PC as a local user and could remotely execute code.

Microsoft is investigating the problem. Microsoft typically releases patches on the second Tuesday of the month. If Microsoft sticks to its schedule, the earliest a patch could be released would be Jan. 13. However, Microsoft has deviated from its patching cycle when a vulnerability is considered particularly dangerous.

The vulnerability can't be exploited by simply opening an e-mail, Microsoft said. The victim would have to open an attachment containing a malicious file designed to exploit the problem.

Microsoft said Word 97 documents are opened by default with Office Word if a user has that application installed. Word is not affected by the problem, but attackers could try to rename the malicious file with a Windows Write (.wri) extension, which would be cause WordPad to try to open it. The company advised that ".wri" attachments could be blocked at the network gateway, reducing the risk a user would open a harmful file.

Microsoft released on Tuesday eight patches covering 28 vulnerabilities within applications including Internet Explorer, Sharepoint, Office, Windows Media Player and its Vista OS. Six of those patches were classified as "critical."

(PC World)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising