Microsoft issued a critical warning about a security hole in Windows NT 4.0, Windows XP and Windows 2000 that could enable attackers to take over a vulnerable system.

The company also issued two more security warnings, about a flaw in Content Management Server 2001 rated as important, and a moderate-rated vulnerability in Outlook 2002. The company posted patches for all three flaws in the warnings, which were posted Wednesday.

The Windows flaw is in the Microsoft Locator service, which allows users to map easy-to-remember logical names of systems on a company’s network, such as printer servers, to the actual network addresses. An attacker could take over by sending a malformed request to the Locator, although a firewall set to block external NetBIOS traffic will prevent attacks from the Internet.

The Content Management flow would allow attackers to intercept data that an Internet user shares with a site created using the Microsoft software and change data shown to the user. And the Outlook flaw will stop Outlook from sending encrypted mail when users use V1 Exchange Server Security Certificates, which are not commonly used, Microsoft said. Instead, Outlook 2002 is set up to use Secure MIME (SMIME) certificates by default.
Microsoft has posted detailed security bulletins and patches for the Windows security flaw, as well as the Outlook and Content Management holes.

Source: Internet Week