Microsoft Alerts Windows Operating System Users to Security Issue

Anyone who browses the Internet, checks email, or hosts a Web site with a Microsoft Windows operating system needs to apply a security update that was made public Thursday, November 21 by Microsoft.


According to a release from Microsoft, an attacker who successfully exploits the security vulnerability could gain complete control of the system and gain the ability to take any action that the legitimate user could take.

This could include creating, modifying or deleting data on the system, reconfiguring it, reformatting the hard drive, changing Web pages, or running programs of the attacker’s choice, said Stephen Funk, USU Helpdesk Supervisor.

The vulnerability poses a risk both to Web servers and Web clients, and Microsoft strongly recommends that all users take action immediately to ensure that their systems are protected.

Anyone using Microsoft Windows 2000, Windows Me, Windows 98, or Windows NT needs the update. Windows XP is not affected. Earlier versions than those mentioned are no longer supported by Microsoft and may or may not be affected by the vulnerability.

A patch was created to address the vulnerability and can be downloaded and installed from http://www.microsoft.com/downloads/Release.asp?ReleaseID=44733.

Funk said, "This is the first time I have seen an update that affects every version." He said it is important for everyone to install the update.

Those who browse the Web with Internet Explorer are especially at risk, as are those who have Microsoft Data Access Components (MDAC) on their computers. According to Microsoft, almost all computers have Microsoft Data Access Components installed. MDAC is a part of many versions of Windows and Microsoft applications. It gives programs the ability to access data sources indirectly. This is used on the Internet frequently.

An unchecked buffer in one of Microsoft Data Access Components caused the vulnerability. A buffer is a temporary storage area for data. An unchecked buffer is dangerous because it can be overrun with random data and will corrupt memory, leading to program or operating system failure.

Any faculty, staff, administrator or student at Utah State University who has questions regarding this update can call the Helpdesk at 797-4358.

By Danielle Hegsted