Jan 23, 2003 (07:01 PM EST)
Microsoft Issues Security Warnings For Windows, Outlook, And Content Management

Read the Original Article at InformationWeek

Microsoft issued a critical warning about a security hole in Windows NT 4.0, Windows XP, and Windows 2000 that could enable attackers to take over a vulnerable system.

The company also issued two more security warnings, about a flaw in Content Management Server 2001 rated as important, and a moderate-rated vulnerability in Outlook 2002. The company posted patches for all three flaws in the warnings, which were posted Wednesday.

The Windows flaw is in the Microsoft Locator service, which lets users map easy-to-remember logical names of systems on a company's network, such as printer servers, to the actual network addresses. An attacker could take over by sending a malformed request to the Locator, although a firewall set to block external NetBIOS traffic will prevent attacks from the Internet.

The Content Management flaw would let attackers intercept data that an Internet user shares with a site created using the Microsoft software and change data shown to the user. And the Outlook flaw will stop Outlook from sending encrypted mail when users use V1 Exchange Server Security Certificates, which aren't commonly used, Microsoft said. Instead, Outlook 2002 is set up to use Secure MIME (SMIME) certificates by default.

Microsoft has posted detailed security bulletins and patches for the Windows security flaw, as well as the Outlook and Content Management holes.