3 New Windows Security Problems Found

DotNM writes "USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product. It describes the issues and urges users not to download .hlp files from email attachments. Apparently there are issues, even for a Windows XP system patched with Service Pack Two."

ANI...

[Stile+65]

According to a report on eWeek.com, one of the three vulnerabilities involves image handling, which has posed problems for Windows and Unix systems in the past. The other two vulnerabilities involve Windows' Help system and its .hlp files, and Windows' ANI (Automatic Number Identification) authentication capabilities.

That's what ANI is in the context of telephone networks. In the context of a Windows system, it's an animated mouse cursor.

Besides, these vulnerabilities were announced yesterday morning on Slashdot!

Re:ANI...

[the+unbeliever]

When in the case of Windows NT/2k/2k3 server, ANI authentication also means the number(s) that people are allowed to dial in remotely from, so the article text is correct.

Re:Linux Flaws

[m50d]

hlp files (or rather the engine which handles them) are part of windows. Microsoft has said as much in statements in court under oath. Subversion has never been installed on my (linux) computer, so you can't count it as part of linux. If a program is installed by default on most of the "big seven" distros, or just the majority of linux installs (but how would you ever check?) I suppose you could count it as part of linux, but that's probably rather unfair since those distros are far more functional by default than windows is. Finally, slashdot does tend to post flaws in major OSS. Whenever I've had to do a security upgrade, I've always found the story on /..