Microsoft Investigating Critical Windows 2000 / XP Bug – Twitter

Are you still running Microsoft Windows 2000 or XP? If so, you may appreciate knowing about a moderately critical security vulnerability which Microsoft are currently investigating.

The official Microsoft security response team Twitter account recently tweeted “We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information”.

The particular file at fault is ‘mfc42.dll’, apparently there is boundary error in the “UpdateFrameTitleForDocument()” function, which could potentially be exploited to cause a stack-based buffer overflow.

The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0 and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected.

Upon further investigation it seems as if this vulnerability affects all versions of Windows 2000 (including Server), along with both Windows XP Home and Professional, therefore there are potentially millions of computers out there at risk.

As we hear more on the situatiuon we will do our best to keep you updated, for more information check out the source link below.

Source: PCMag