Danish security firm Secunia has issued an alert over a 'moderately critical' flaw in Windows XP and 2000.
Secunia said in a security advisory that the problem is caused by a boundary error in the CFrameWnd class in mfc42.dll. Exploiting it could allow an attacker to run code execution on a target machine.
"The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0, and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected," said the advisory.
No patch is yet available for the flaw, and Secunia recommends restricting access to applications that allow user-controlled input to be passed to the vulnerable function.
Microsoft said in a Twitter post that it is looking into the problem. "We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information," the company said.
Microsoft investigating Windows 2000 and XP flaw
By
Iain Thomson
on Jul 8, 2010 9:37AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Ingram Micro Ushers in the Age of Ultra
Tech For Good program gives purpose and strong business outcomes
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Kaseya Dattocon APAC 2024 is Back
Sponsored Whitepapers
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
.png&w=100&c=1&s=0)
