Microsoft releases patch for major Windows security flaw

WASHINGTON (AFP) Jul 17, 2003
Microsoft has released a patch to fix a "critical" security problem that allows hackers to run whatever code they please on a wide variety of Windows-based systems.

Several versions of the Windows operating system -- including Windows NT 4.0, NT 4.0 Terminal Services Edition, 2000, XP and Server 2003 -- require updating to remove this flaw, Microsoft said in a notice posted on its website Wednesday. The patch can be downloaded from the website.

Windows' Millennium Edition was not affected.

Microsoft said the flaw was known as a "buffer overrun vulnerability."

"An attacker who successfully exploited this vulnerability could gain complete control over a remote computer," the world's leading software manufacturer said on its website.

"This would give the attacker the ability to take any action on the server that they want. For example, an attacker could change Web pages, reformat the hard disk or add new users to the local administrators group."

The problem was brought to Microsoft's attention by a security group based in Poland, known as The Last Stage Delirium Research Group, the US software giant said.

Microsoft has three levels of alert, with "critical" being the highest.

SPACE.WIRE