Microsoft Announces Web View Security Hole in Windows 2000   5/11/2005

Microsoft this week announced a newly discovered vulnerability in Windows Explorer on Windows 2000. According to the advisory, an attacker who successfully exploits the vulnerability would be able to remotely execute code on the user’s system.

“A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability,” said the announcement.

Users of Microsoft Windows 2000 SP3 and SP4 are broadly affected. Microsoft Windows Millennium Edition contains the affected component as well; however, Microsoft does not consider the risk to Windows ME systems to be critical, and Microsoft’s support policy for Windows ME (along with Windows 98) is that “Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period.”

The Microsoft website suggests the following workaround to the vulnerability, in addition to installing the Windows 2000 update:

Disable Web View:

Disabling Web View will reduce the ability to maliciously use this feature to perform an attack. To disable Web View, follow these steps:

1. Open My Computer.

2. Under the Tools menu, select Folder Options.

3. On the General tab in the Web View section, select Use Windows classic folders.

4. Click OK.

Microsoft also warns that the user must log out and back in for the workaround to take effect, and that the workaround will “reduce the functionality of Windows Explorer by removing the left hand task pane which contains links to common folders and tasks.”

The update is available here
