Flaw in Windows Script May Allow Code to Run

[TS | Thomas]

An attacker may exploit a vulnerability in Windows Script Engine by constructing a Web page that, when visited by a user, runs code of the attacker’s choice with user credentials. The attacker can host the Web page on a Web site or send the page directly to the user by e-mail.

Affected Software;
Windows XP
Windows 2000
Windows NT 4.0, Windows NT 4.0 Terminal Server Edition
Windows Millennium Edition
Windows 98 Second Edition & Windows 98

Download Patch now from Microsoft.

 

[poertner_1274]

Why does this not surprise me?

 

[negroplasty]

I can understand the flaws in previous versions of Windows, but I never would have expected something like this to be overlooked in XP. How can Microsoft miss something like this? Thomas, do you have any ideas as to what we could do to prevent this happening to our computers? Hopefully Microsoft will release a patch for this soon, so I am not too worried, but it's better to be safe than sorry :grinthumb .

 

[poertner_1274]

Originally posted by TS | Thomas
Download Patch now from Microsoft.

Check that link

 

[warr]

why?

because you put too much trust in crappy win XP. just name change from 2000 to XP, and that shakes your *** more than ever. :haha:

 

[negroplasty]

My apologies, I did not see that patch link there . warr, yes, I do put a lot of trust into XP as it has never failed me before. Maybe the odd problems here and there, but nothing a patch can't fix. Longhorn should be an improvement.

 

[warr]

always wait for Service Pack 1. :haha: