Government agency warns of Windows flaw

The UK's equivalent of CERT has warned of a buffer overflow vulnerability related to cutting and pasting HTML from a malicious Web page
Written by Andy McCue, Contributor

The UK government's cyberagency responsible for warning about security incidents and electronic attacks on critical national infrastructure has issued an alert about a Microsoft buffer overflow vulnerability.

The Unified Incident Report and Alerting Scheme (UNIRAS), the UK's equivalent of CERT, has put out the warning following a Microsoft security bulletin last week.

The flaw was rated critical by Microsoft and consists of a buffer overflow in the HTML converter of most versions of Windows that could allow a hacker to execute malicious code.

The hole can be triggered when users cut and paste HTML from Web sites, or simply when they view a Web site if the malicious code is embedded in a Web page.

UNIRAS recommends that users apply Microsoft patch MS03-023 and modify the security configuration of any applications that use Internet Explorer to disable active scripting and pasting.
