Users Warned of Multiple Windows Security Vulnerabilities

Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make Windows systems vulnerable to remote attack.

Following postings to the Bugtraq mailing list, a respected source of timely security information, Symantec security managers also detailed the heap overflow vulnerabilities of Microsoft’s popular operating system. Until Microsoft releases patches, users are vulnerable to attack through the winhlp32.exe file, which manages Windows help files. An attacker can trigger a memory overflow by tricking a user into opening a Trojan help file.

In related news, Symantec also warned of a second Windows vulnerability, called LoadImage, affecting the function that guides the operating system in displaying desktop icons, cursors, and bitmap images. Trojan images can be used to trigger a memory overflow and install rogue computer code on computers running Windows. The Trojan images can easily be received via e-mail or through websites.

As with the Help file vulnerability, most supported versions of Windows are affected by the LoadImage flaw, including versions of Windows NT, Windows XP, Windows 2000 and Windows Server 2003, Symantec said.

Dave’s Opinion
Users should be especially careful to not open unexpected e-mail attachments and to visit only known, reputable websites until Microsoft issues security updates for these serious security vulnerabilities.


