Microsoft’s Tuesday released a batch of seven security patches, including two for “critical” vulnerabilities found in the Windows Task Scheduler and HTML Help features.
As part of its monthly patch release cycle, the software giant warned that the Task Scheduler contains a buffer overflow that puts users at risk of computer takeover.
“If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges,” the company warned in an advisory.
Affected products include Windows 2000 and Windows XP. The Windows NT Workstation and Windows NT Server operating systems are not affected by default. However, if Internet Explorer 6.0 Service Pack 1 has been installed on those systems, the vulnerable component exists, Microsoft said.
Microsoft issued a separate alert for a vulnerability in HTML Help that could also lead to code execution attacks. The flaw, rated “critical,” affects Windows 98, Windows Millennium Edition (Me), Windows 2000, Windows XP and Windows Server 2003.
According to the alert, the HTML Help hole could allow an attacker to “take complete control of an affected system.”
A successful attacker could commandeer machines to install programs; view, change, or delete data; or create new accounts with full user privileges. “Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.”
The July batch of advisories includes four patches rated “important” and one with a “moderate” rating.
A patch was released for a remote code execution vulnerability in the way that the Windows Shell launches applications. This flaw could also leave systems at risk of system takeover. Microsoft said significant user interaction is required to exploit this vulnerability, noting that users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
An “important” privilege elevation vulnerability was also patched to correct way that Utility Manager launches applications. According to the alert, a logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. “An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges,” the company warned.
The company also plugged a privilege elevation hole in the POSIX operating system component (subsystem) that could be exploited to allow an attacker to take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
A separate patch with an “important” rating was also released for a bug found in IIS 4.0.
Microsoft also issued a cumulative update to plug a denial-of-service hole in Outlook Express.