Flaws keep bugging Microsoft

In a bleak day for the software giant, Microsoft releases three advisories detailing a series of flaws, one deemed critical for Windows NT and 2000 servers.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
Microsoft posted three advisories on its Web site on Wednesday detailing several recently discovered flaws, one of which was deemed critical for Windows NT and 2000 servers.

The software giant dubbed "critical" a buffer overflow in its remote access service (RAS) software, which is a native element in the Windows NT 4.0, Windows 2000 and Windows XP operating systems. The security hole could allow an intruder to run any code, the advisory stated.

"An attacker who successfully exploited this vulnerability could gain complete control over the machine, thereby gaining the ability to take any desired action," said the advisory.

Another release detailed two flaws in the way Microsoft SQL Server handles the XML data exchange format, and a third release warned that Web servers with HTR scripting turned on are also in danger. HTR is an older, obsolete type of scripting now replaced by active server pages.

The new advisories point to the latest of a number of flaws Microsoft has identified in recent months, at the same time that it's been running a high-profile campaign to stamp out such problems.

In January, Chairman Bill Gates signaled a new direction for the company in an e-mail to all his employees, asking them to help make Microsoft's software "trustworthy." The company has been toiling to button up its products and exterminate critical bugs, but seems to still have its work cut out for it.

The three advisories bring Microsoft's total for the year to 30, detailing nearly 40 flaws.