Microsoft Patches Three Security Problems, Including One Rated As Critical

By Mitch Wagner

Microsoft issued patches this week for three security problems, two affecting recent versions of Windows and one affecting the company's Java Virtual Machine, which could allow attackers to take over a target system, or change network security.

Microsoft Security Bulletin MS02-069, which Microsoft gives its highest severity rating -- critical -- comprises eight vulnerabilities in the Microsoft Java Virtual Machine, the most serious of which would enable an attacker to gain control over another user's system.

The most serious of the flaws allows an untrusted Java applet to access COM objects, which could allow an attacker to take control of the system. By design, only trusted Java programs should be available to COM objects.

Further information, and a new version of the VM which solves the problem, are available from Microsoft.

Security Bulletin MS02-70 describes a vulnerability in Windows 2000 and Windows XP that could allow an attacker to modify a network's security policies. It affects Windows XP versions prior to Service Pack 1, and Windows 2000 users. Microsoft rates the severity of the vulnerability as moderate. Further information and a patch are available at Microsoft's site.

And Security Bulletin MS02-71, rated by Microsoft as important, could allow attackers to exploit a flaw in Windows messages to take over a system. The vulnerability affects Windows NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP; further information and a patch are available online