The company has also provided a new patch for the earlier security vulnerability in a Windows Distributed Component Object Model RPC interface.
The first two vulnerabilities uncovered yesterday could allow a buffer overflow to enable hackers to execute arbitrary code, while the third could result in a denial of service (DoS) attack.
An attacker could exploit these vulnerabilities by crafting a packet and sending it to a vulnerable server.
Doing so would either allow the attacker to execute code on the victim’s machine (buffer overflow vulnerability), or cause the machine to crash and restart (DoS vulnerability).
Microsoft warned a malicious attacker may use the buffer overflow vulnerability to execute code on the victim machine, gaining local system privileges on an affected system.
This would allow them to install programs, view, change or delete data, or create new accounts with full privileges.
The RPC service provides remote procedure calls between objects executing on two remote machines running the Windows operating system.
Microsoft said versions affected include:-
- Windows NT 4.0 Server (buffer overflow vulnerability only)
- Window NT 4.0, Terminal Server Edition (buffer overflow vulnerability only)
- Windows 2000 (buffer overflow and DoS vulnerabilities)
- Windows XP (buffer overflow vulnerability only)
- Windows Server(TM) 2003 (buffer overflow vulnerability only)
Windows users are advised to update their systems with Microsoft patch available on the Microsoft web site at: http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Barclays has partnered with accounting software company Xero to provide businesses with access to transaction data through its direct feed.
Government's estimate of a £400m admin saving from Making Tax Digital is way off - and is instead a huge cost burden, warns Lamont Pridmore chief executive Graham Lamont
Xero unveiled its expanded global partner programme at Xerocon South, the accounting technology conference in Australasia
Accountancy software firm Sage has been hit by a data breach which may have compromised the personal details and bank account details of as many as 300 UK businesses