CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Culture

Microsoft patches Windows security hole

Microsoft patches a security hole in its Windows operating system that exposed Internet-connected computers to invasion by attackers.

Microsoft patched a security hole in its Windows operating system that exposed Internet-connected computers to invasion by attackers.

The problem, which Microsoft acknowledged last week, lets a malicious hacker crash the operating system by flooding the file address field with more characters than it can accommodate, sending the excess characters into memory where they can be executed when the computer is restarted.

Such an exploit, which lets an attacker run malicious code on a target's computer, is known generically as a "buffer overrun" attack. Microsoft cited estimates that between two-thirds and three-fourths of computer security problems are buffer overrun issues.

An attacker could take advantage of the vulnerability by sending email or by luring a target to a Web page. A user would not have to click on a link of a malicious Web page; merely visiting that page would be sufficient to launch the attack.

"This vulnerability can affect a user even if the user follows what would normally be safe computing practices such as avoiding opening attachments from unknown senders and disabling macros unless they come from known and expected sources," Microsoft said in an informational page on the problem.

Microsoft said the "File Access URL" vulnerability lay in Windows' networking software, and posted fixes for both Windows 95 and Windows 98.