Danish security firm Secunia has issued an alert over a 'moderately critical' flaw in Windows XP and 2000.
Secunia said in a security advisory that the problem is caused by a boundary error in the CFrameWnd class in mfc42.dll. Exploiting it could allow an attacker to run code execution on a target machine.
"The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0, and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected," said the advisory.
No patch is yet available for the flaw, and Secunia recommends restricting access to applications that allow user-controlled input to be passed to the vulnerable function.
Microsoft said in a Twitter post that it is looking into the problem. "We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information," the company said.
Microsoft investigating Windows 2000 and XP flaw
By
Iain Thomson
on Jul 8, 2010 9:37AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
.jpg&h=142&w=230&c=1&s=1)
New Microsoft CSP rules? Here’s how MSPs can stay ahead with Ingram Micro
How Expert Support Can Help Partners and SMBs Realize the Full Value of AI
MSPs with a robust data protection strategy will achieve market success
Shared Intelligence is the Real Competitive Edge Partners Enjoy with Crayon
Beyond the box: How Crayon Is Redefining Distribution for the Next Era
Sponsored Whitepapers
Cut through the SASE confusion
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
.jpg&w=100&c=1&s=0)
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
_(8).jpg&w=100&c=1&s=0)
The changing face of Australian distribution
