Symantec Corp., manufacturer of the popular Norton series of antivirus products, yesterday warned customers of a multiple critical holes in Microsoft Corp.’s Windows operating system. The security holes make the Windows systems vulnerable to remote attack.
Following postings to the Bugtraq mailing list, a respected source of timely security information, Symantec security managers also detailed the heap overflow vulnerabilities of Microsoft’s popular operating system. Until Microsoft releases patches, users are vulnerable to attack through the winhlp32.exe file, which manages Windows help files. An attacker can trigger a memory overflow by tricking a user into opening a Trojan help file.
In related news, Symantec also warned of a second Windows vulnerability, called LoadImage, that guides the operating system in displaying desktop icons, cursors, and bitmap images. Trojan images can be used to trigger a memory overflew and install rogue computer code on computers running Windows. The Trojan images can easily be received via e-mail or through websites.
As with the Help file vulnerability, most supported versions of Windows are affected by the LoadImage flaw, including versions of Windows NT, Windows XP, Windows 2000 and Windows Server 2003, Symantec said.
Dave’s Opinion
Users should be especially careful to not open unexpected e-mail attachments and to visit only known, reputable websites until Microsoft issues security updates for these serious security vulnerabilities.
Call for Comments
What do you think? Leave your comments below.