The flaw related to Remote Desktop Protocol, or RDP, could let an attacker remotely crash computers. The flaw previously had been linked to Windows XP, but it actually affects several versions of the operating system, Microsoft said. Windows 2000, Windows XP and Windows Server 2003.
RDP enables remote access to Windows systems. But because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said.
Microsoft is also investigating reports that amay allow attackers to execute code remotely. A security consultant said he has found a number of possible flaws in the way the Web browser software handles JPEG images. The consultant said one of the flaws could be exploited for remote arbitrary code execution, a type of attack generally categorized as "critical" by security vendors.
Four proof-of-concept images that aim to exploit these flaws have been posted on the Web by the consultant. Each of these has the potential to crash IE 6, the latest version of Microsoft's browser, even if it has been patched with Service Pack 2.
An IM worm is also attracting Redmond's attention. MSN Messenger and America Online's Instant Messenger services are beingcontaining links that could infect a computer with a Trojan horse or dangerous worm.
The threat is a Trojan called Kirvo, which arrives in the form of an instant message from someone on the user's "friends" list. The message contains a link to a Web site, which, if clicked, loads a copy of Kirvo onto the computer.Also of note
Microsoft , a provider of secure messaging services...The software giant has and licensed its patents, which cover ways to protect systems against previously unknown security threats....Selected software testers , Redmond's subscription antivirus and anti-spyware service...An enhanced beta version of Microsoft AntiSpyware ...And Microsoft is reaching out with Security360, its monthly security Webcast.