June 12, 2002 10:00 PM PDT
Flaws keep bugging Microsoft
The software giant dubbed "critical" a buffer overflow in its remote access service (RAS) software, which is a native element in the Windows NT 4.0, Windows 2000 and Windows XP operating systems. The security hole could allow an intruder to run any code, the advisory stated.
"An attacker who successfully exploited this vulnerability could gain complete control over the machine, thereby gaining the ability to take any desired action," said the advisory.
Another release detailed two flaws in the way Microsoft SQL Server handles the XML data exchange format, and a third release warned that Web servers with HTR scripting turned on are also in danger. HTR is an older, obsolete type of scripting now replaced by active server pages.
The new advisories point to the latest of a number of flaws Microsoft has identified in recent months, at the same time that it's been running a high-profile campaign to stamp out such problems.
In January, Chairman Bill Gates signaled a new direction for the company in an e-mail to all his employees, asking them to help make Microsoft's software "trustworthy." The company has been toiling to button up its products and exterminate critical bugs, but seems to still have its work cut out for it.
The three advisories bring Microsoft's total for the year to 30, detailing nearly 40 flaws.