Microsoft Corp has warned of a critical security flaw in its Microsoft VM implementation of the Java Virtual Machine that could enable an attacker to gain control of a user’s system. The vulnerability affects Windows 95, 98, 98SE, ME, NT 4.0, 2000 and XP, as well as several versions of Internet Explorer.
In actual fact, the company has issued warnings about eight different vulnerabilities in the Virtual Machine technology, only one of which is rated as critical, but all of which are fixed with the same new version of the Microsoft VM.
The most serious vulnerability enables an untrusted Java applet to access COM objects and potentially take control of the system. Other vulnerabilities, such as codebase spoofing and domain spoofing, are rated as important and moderate respectively. All eight vulnerabilities can be fixed by installing the new build 3809 of the Microsoft VM.
The vulnerability warning was the 69th from Microsoft this year, and was quickly followed by its 70th and 71st. The 70th warning regarded a moderate vulnerability in the SMB protocol utilized in Windows XP and 2000 that could enable an attacker to modify group policy information. A fix for this flaw, which has already been shipped in Windows XP Service Pack 1, is also available for download from Microsoft.
The latest, and 71st, warning carries Microsoft’s new important rating and concerns a flaw in the message handling of Windows NT 4.0, 2000 and XP that could enable privilege elevation. Again, a patch is available for download.