Microsoft has just issued a patch for its Windows operating systems. This patch remedies a vulnerability that could allow remote code execution on affected computers.

This is a new vulnerability that involves a "buffer overflow" in Microsoft ASN.1 Library. By successfully exploiting this vulnerability, an attacker may take any action on the compromized computer, including running programs, installing programs changing data and so on.

Microsoft’s severity rating is Critical (highest rating).

Microsoft has made a patch for this vulnerability available from Microsofts Security Bulletin MS04-007. The patch is also available from Windows’ automatic updating system.

The following systems are vulnerable:

• Microsoft Windows NT 4
• Microsoft Windows 2000
• Microsoft Windows XP
• Microsoft Windows Server 2003

At the time of this writing no known malicious software that exploits this new vulnerability has been observed.

Norman advices all users to download the patch as soon as possible, to be protected from potential exploits, as this vulnerability is seen as particularly dangerous.

Per Olav Førland