Microsoft has issued a patch to prevent a potentially devastating vulnerability that could allow an attacker to gain control of a victim's host system for its network management software.
The buffer overflow vulnerability in its Network Monitor (Netmon) utility software could allow hostile code to be executed on a remote computer with privileged levels of access.
Netmon, available with NT and Windows 2000, captures traffic on a local network which translates the information into a readable format for the user interface. Separate dynamic link libraries (DLLs) within Netmon parse individual application protocols. One of these libraries which parses HTTP traffic, 'browser.dll', is vulnerable, Microsoft said.
According to security vendor ISS, Netmon will crash or exit when corrupt data is captured and parsed because of buffer overflow problems with its DLL. This buffer overflow allows a remote attacker to gain privileged access and install arbitrary code on any computer running Netmon that displays this captured data.
Paul Rogers, network security analyst at MIS Corporate Defence Solutions, said: "The Network Monitor is quite a useful tool for looking at internal networks. If web servers are not properly firewalled, they might well be affected by this problem, but the largest percentage of systems affected will be on the local area network."
The vulnerability of Netmon affects all versions of Windows NT 4.0 Server and Windows 2000 Server, which include a basic version of Netmon that allows an administrator to analyse data sent to or from their computer.
It also affects Microsoft Systems Management Server versions 1.2 and 2.0, which also include the full version of Netmon, and can gather data over a full network segment. The software vendor has issued a series of patches for these products, aimed at correcting the problem.
In a separate move, Microsoft has released a patch to fix a buffer overflow problem involving the ActiveX Control included with Windows 2000. Depending on the data entered when invoking the ActiveX control, a malicious user could either launch a denial of service attack or execute arbitrary code on a remote system.
Commons Science and Technology Committee calls for new post-Brexit skilled-workers immigration system
Committee calls for visa-free travel and permit-free work for skilled workers
Eleven 'normal' outer moons, and one described as 'oddball' found circling Jupiter
Scientific discovery has found a quadrillion tonnes of diamonds in the earth's mantle
Mobile payment app makes users' details public by default