Windows open to critical vulnerabilities

Microsoft has detailed three newly discovered security flaws, two of which it rates as 'critical' because they could allow hackers to take remote control of compromised PCs.

The critical MS05-001 bug uses a handling flaw in HTML to allow malicious third parties to run arbitrary code remotely on unpatched PCs. The vulnerability exists in the HTML Help ActiveX control in Windows.

"If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned.

An attacker could then install programs, view, change or delete data, or create new accounts with full privileges.

Users whose accounts are configured to have fewer privileges on the system could be less affected than those who operate with administrative privileges.

The other critical flaw centres on a vulnerability in cursor and icon format handling that could also allow remote code execution.

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change or delete data, or create new accounts that have full privileges, according to Microsoft's advisory.

"A remote code execution vulnerability exists in the way that cursor, animated cursor, and icon formats are handled," Microsoft stated.

"An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious website or viewed a malicious email message."

The third vulnerability, rated as 'important', has been found in the Windows Indexing Service that could allow remote code execution on an affected system. Microsoft pointed out that Indexing Service is not enabled by default on affected systems.

A wide variety of the software giant's consumer and business operating systems are affected by the flaws including Windows 2000, XP (SP2 only patches against one of the critical vulnerabilities) and Windows Server 2003.

Microsoft's security advice can be found here.