Government agency warns of Windows flaw

The UK's equivalent of CERT has warned of a buffer overflow vulnerability related to cutting and pasting HTML from a malicious Web page

The UK government's cyberagency responsible for warning about security incidents and electronic attacks on critical national infrastructure has issued an alert about a Microsoft buffer overflow vulnerability.

The Unified Incident Report and Alerting Scheme (UNIRAS), the UK's equivalent of CERT, has put out the warning following a Microsoft security bulletin last week.

The flaw was rated critical by Microsoft and consists of a buffer overflow in the HTML converter of most versions of Windows that could allow a hacker to execute malicious code.

The hole can be triggered when a user cuts and pastes HTML from a Web site, or simply views a Web site, if the malicious code is embedded in the Web page.

UNIRAS recommends that users apply Microsoft patch MS03-023 and modify the security configuration of any applications that use Internet Explorer to disable active scripting and pasting.
