Microsoft Announces Web View Security Hole in Windows 2000
0 (0)

The Internet Patrol - Patrolling the Internet for You
Rate this post!
 

Microsoft this week has announced a newly-discovered vulnerability in its Windows Explorer for Windows 2000. When the vulnerability is triggered, someone wishing to exploit the vulnerability would be able to remotely execute code on the user’s system, the advisory explained.

“A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability,” said the announcement.


Users with Microsoft Windows 2000 SP3 and SP4 are broadly affected. Users with Microsoft Windows Millennium Edition have the affected component as well, however Microsoft does not consider the risk to Windows ME systems to be critical, and Microsoft’s policy for support for Windows ME (along with Windows 98) is that “Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period.”

The Microsoft website suggests the following workaround to the vulnerability, in addition to installing the Windows 2000 update:

Disable Web View:

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

Disabling Web View will reduce the ability to maliciously use this feature to perform an attack. To disable Web View, follow these steps:

1. Open My Computer

2. Under the Tools menu, select Folder Options.

 

3. On the General tab in the Web View section, select Use Windows classic folders

4. Click OK

Microsoft also warns that the user must log out and back in for the workaround to take affect, and that the work around will “reduce the functionality of Windows Explorer by removing the left hand task pane which contains links to common folders and tasks.”

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Rate this post!
 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.