CNET también está disponible en español.

Ir a español

Don't show this again

Best Black Friday 2020 deals Jeopardy's new host Macy's Thanksgiving Day Parade Pikachu Thanksgiving face masks Black Friday iPhone 12 deals CDC's Thanksgiving guidelines Amazon's Black Friday deals

Microsoft flags three security holes

The software giant releases advisories that warn of flaws in its Web software, its VPN software and in default settings of Windows 2000.

Microsoft released three advisories late Wednesday that warned of security holes in its Web software, in Windows' virtual private networking features and in default settings of Windows 2000.

The company rated only a single flaw--affecting the point-to-point tunneling protocol portion of the Windows VPN software--as "critical." Even that vulnerability doesn't pose a great threat, said Scott Culp, manager for Microsoft's security response team.

"The flaw would only result in a denial of service," he said.

The vulnerability had originally been found by Austrian security firm Phion Information Technologies last month. The company had billed the problem as one that could lead to significant compromises in a business's network security.

After studying the problem, however, Microsoft said that the issue could lead only to a denial-of-service attack, a network attack that causes a computer to freeze when attacked by a program or to stop responding due to a deluge of data.

Microsoft also warned Windows 2000 users that there is a problem with the default way the operating system searches for a program that matches a given command. An attacker could put a Trojan horse--malicious code that fools the person or machine into thinking it's a legitimate program--in a directory that the operating system searches. The result: Windows 2000 will execute the malicious program rather than a legitimate command.

Finally, the company released a patch for its Internet Information Service (IIS) Web server. The patch includes many older fixes as well as four new ones.

All the warnings and suggested fixes for the problems can be found on the TechNet portion of Microsoft's Web page.