informa
/
1 MIN READ
News

Researchers Find New Windows Code-Execution Bug

The vulnerability, which is getting a "high severity" rating, affects Windows 2000, Windows 2003, and Windows XP, but does not affect Windows Vista.
Researchers at eEye Digital Security reported finding a new remote code-execution vulnerability in Microsoft's Windows operating systems.

The bug, which does not affect Microsoft's new and highly touted Windows Vista, was given a "high severity" rating, said Sean Martin, a director at eEye, in an interview. It affects Windows 2000, Windows 2003, and Windows XP.

The bug was reported to Microsoft on March 27.

Martin declined to give more information on the bug, saying he doesn't want to make it easier for hackers to discover the vulnerability before Microsoft can get a patch out for it.

He did note, however, that the bug is not connected to the .ANI vulnerability that has been plaguing Windows users and researchers for the past week.

It's been a tough week for Microsoft, which was forced to release an emergency patch for the .ANI flaw this past Tuesday. The company had planned on releasing it as part of its monthly Patch Tuesday security update on April 10 but pushed it out early because of the mounting exploits, spam attacks, and malware that were taking advantage of it.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing