Microsoft warns about Windows

Danielle Hegsted

Anyone who browses the Internet, checks e-mail, or hosts a Web site with Microsoft Windows operating system needs to apply a security update made public today by Microsoft.

According to the Microsoft release, an attacker who successfully exploits the security vulnerability could gain complete control of the system and the ability to take any action the legitimate user could take.

This could include creating, modifying, deleting or reconfiguring data on the system, reformatting the hard drive, changing Web pages, or running programs of the attacker’s choice, said Stephen Funk, USU Help Desk supervisor.

The vulnerability poses a risk both to Web servers and Web clients, and Microsoft strongly recommends all users take action immediately to ensure their systems are protected, according to the release.

Anyone using Microsoft Windows 2000, Windows Me, Windows 98, or Windows NT needs the update. Windows XP is not affected. Earlier versions than those mentioned are no longer supported by Microsoft and may or may not be affected by the vulnerability.

A patch was created to address the vulnerability and can be downloaded and installed from http://www.microsoft.com/downloads/Release.asp?ReleaseID=44733.

Funk said, “This is the first time I have seen an update that affects every version.”

It is important for everyone to install the update, he said.

Those who browse the Web with Internet Explorer are especially at risk, as are those who have Microsoft Data Access Components (MDAC) on their computers. According to Microsoft, almost all computers have Microsoft Data Access Components installed. MDAC is a part of many versions of Windows and Microsoft applications. It gives programs the ability to access data sources indirectly. This is used on the Internet frequently.

An unchecked buffer in one of Microsoft Data Access Components caused the vulnerability. A buffer is a temporary storage area for data. An unchecked buffer is dangerous, because it can be overrun with random data and will corrupt memory, leading to program- or operating-system failure.

Any faculty, staff, administrators or students at Utah State University who have questions regarding this update can call the Help Desk at 797-4358.

-dhegsted@cc.usu.edu