Microsoft investigating Windows 2000 and XP flaw

By
Follow google news

Secunia sounds warning over boundary error vulnerability.

Danish security firm Secunia has issued an alert over a 'moderately critical' flaw in Windows XP and 2000.

Secunia said in a security advisory that the problem is caused by a boundary error in the CFrameWnd class in mfc42.dll. Exploiting it could allow an attacker to run code execution on a target machine.

"The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0, and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected," said the advisory.

No patch is yet available for the flaw, and Secunia recommends restricting access to applications that allow user-controlled input to be passed to the vulnerable function.

Microsoft said in a Twitter post that it is looking into the problem. "We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information," the company said.

Microsoft investigating Windows 2000 and XP flaw
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
flawsecuniasecurityvulnerabilitywindowsxp

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

Euro cops take down cybercrime network with 49 million fake accounts

Euro cops take down cybercrime network with 49 million fake accounts
Australia's new cyber affairs ambassador sourced from ASD

Australia's new cyber affairs ambassador sourced from ASD
Microsoft breaks Windows 11 Recovery Environment in October update

Microsoft breaks Windows 11 Recovery Environment in October update
QLD government retires CISO position title

QLD government retires CISO position title
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?