Microsoft releases three new patches

by James Middleton

10 Jul 2003

Microsoft released three security bulletins yesterday, one 'critical' and two 'important', which between them cover all Windows platforms.

The 'critical' flaw, which affects almost all versions of Windows, consists of a buffer overrun in the Windows HTML Converter which could allow an attacker to execute code of their choice.

All versions of Windows contain support for file conversion within the operating system, which allows users to convert file formats from one to another.

But a flaw when cutting and pasting HTML files could allow a specially crafted request to cause the converter to fail in a way that would allow for the execution of malicious code in the context of the logged-in user.

Such an exploit could be embedded within an HTML mail or web page, and requires no specific input from the user other than viewing the page.

The second vulnerability, classed as 'important', is also a buffer overrun that could lead to data corruption and allow an attacker to execute code of their choice. This vulnerability affects XP, 2000 and NT.

A flaw exists in the way that a server validates the parameters of a Server Message Block (SMB) packet.

SMB is the internet standard protocol that Windows uses to share files, printers and serial ports, and to communicate between computers using named pipes and mail slots.

If a specially crafted SMB packet with a buffer length smaller than needed is sent to the machine, it will cause a buffer overrun and either cause system failure or allow an attacker to run code of their choice.

But an attacker would need a valid user account and would need to be authenticated by the server to exploit this flaw.
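
The length validation this class of flaw calls for, as an added example that is not code from Microsoft or from the original article. It uses a constructed, simplified request layout rather than the real SMB wire format, and every name and size in it is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified request (NOT the real SMB wire format):
 * bytes 0-1 = little-endian size of the reply buffer the client declares. */
#define REQ_HDR_LEN 2u
#define RECORD_LEN  16u   /* assumed fixed size of the server's reply record */

enum { ST_TRUNCATED = -1, ST_LEN_TOO_SMALL = -2, ST_LEN_TOO_BIG = -3 };

/* Read the declared length; reject packets too short to contain it. */
static int parse_declared_len(const uint8_t *pkt, size_t pkt_len, uint16_t *out)
{
    if (pkt == NULL || pkt_len < REQ_HDR_LEN)
        return ST_TRUNCATED;
    *out = (uint16_t)(pkt[0] | (pkt[1] << 8));
    return 0;
}

/* Hardened handler: returns bytes written to `reply`, or a status < 0.
 * The flawed pattern is the same code without the ST_LEN_TOO_SMALL check:
 * the declared length bounds the destination, yet RECORD_LEN bytes are
 * copied regardless. */
int handle_request(const uint8_t *pkt, size_t pkt_len,
                   uint8_t *reply, size_t reply_cap)
{
    static const uint8_t record[RECORD_LEN] = "constructed-rec";
    uint16_t declared;
    int rc = parse_declared_len(pkt, pkt_len, &declared);

    if (rc != 0)
        return rc;
    if (declared < RECORD_LEN)   /* smaller than the reply needs */
        return ST_LEN_TOO_SMALL;
    if (declared > reply_cap)    /* larger than the server can hold */
        return ST_LEN_TOO_BIG;

    memcpy(reply, record, RECORD_LEN);  /* RECORD_LEN <= declared <= reply_cap */
    return (int)RECORD_LEN;
}

int main(void)
{
    const uint8_t pkt[REQ_HDR_LEN] = { 4, 0 };  /* constructed: declares 4 bytes */
    uint8_t reply[64];
    return handle_request(pkt, sizeof pkt, reply, sizeof reply) == ST_LEN_TOO_SMALL ? 0 : 1;
}
```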

The third vulnerability, classed as 'important' and only affecting Windows 2000, allows a local user to elevate their privileges by exploiting the Accessibility options for disabled users.

There is a flaw in the way that the Accessibility Utility Manager handles Windows messages.

A specially crafted Windows message sent to the Utility Manager process could cause it to take any action the attacker specified, giving the attacker complete control over the system.

Microsoft has released patches for all three vulnerabilities and strongly urges administrators to install them.

Windows HTML Converter

Buffer overrun: XP, 2000 and NT

Accessibility: Windows 2000
