Microsoft has released two separate security updates for Windows 2000 which, while of low to moderate importance, are further examples of the operating system's security weaknesses.
The patches prevent a possible denial of service (DoS) attack and address a low-risk weakness that allows users to upgrade their security privileges to administrator status.
Experts said that although the risk is low to moderate, the problems are resulting in network downtime while administrators install patches and reboot systems.
The DoS problem is the more serious of the two. It can occur when a malicious client sends a particular malformed remote procedure call (RPC) packet over a network to the server used as the primary domain device. Although it doesn't physically crash the computer used as the server, it prevents users from logging on and disables links to it.
The Still Image Service (SIS) bug, however, requires an attacker to physically gain entry into the server room and attach an SIS - a digital camera, for example - to the administrator's workstation.
If this kind of access is possible, the user can take advantage of an unchecked buffer present in the SIS on the host. The attacker then uses malicious code to raise their clearance level from user to that of the SIS, or local system. This then gives them control of the administrator's workstation.
Mark Read, systems development supervisor at security consultant MIS Corporate Defence, told vnunet.com: "This is an issue, but the scenario necessary means it is not of major concern. However, with the DoS vulnerability, administrators need either to install the patch, or be able to trust their internal users 100 per cent."
"They don't need the patch to prevent attacks originating over the internet as long as they have a firewall in place that blocks access to the RPC ports, which are 135-139 and 445. If they don't have a firewall, they should download the patch," he said.
"There have been a lot of patches released for Windows 2000. It doesn't seem to be a very secure system. It makes you wonder how many vulnerabilities remain to be discovered," added Read.
The patches can be downloaded from www.microsoft.com. The DoS fix will also be included in the next Windows 2000 service pack.