UK government IT security body warns of Microsoft flaw

Buffer overflow leaves users exposed to hackers just by viewing webpages

The UK government's cyber agency responsible for warning about security incidents and electronic attacks on critical national infrastructure has issued an alert about a Microsoft buffer overflow vulnerability. The Unified Incident Report and Alerting Scheme (UNIRAS), the UK's equivalent of CERT, has put out the warning following a Microsoft security bulletin last week. The flaw was rated critical by Microsoft and consists of a buffer overflow in the HTML converter of most versions of Windows that could allow a hacker to execute malicious code. The hole can be exploited by users cutting and pasting HTML from websites or just by viewing a website if the malicious code is embedded in a webpage. UNIRAS recommends users should apply Microsoft patch MS03-023 and modify the security configuration of any applications that use Internet Explorer to disable active scripting and pasting.