* Microsoft warns of two bugs and a security problem Editor’s Note: Dave Kearns is traveling this week and will be back next week. In place of his usual newsletter, we bring you breaking Windows networking news from Networkworld.com.Microsoft is warning of two bugs in its software that could potentially give unauthorized control or access over a person’s computer, while a third problem has been highlighted by a security research company.One vulnerability revisits the Windows Metafile (WMF) debacle from December, but impacts fewer users. The bug is in Internet Explorer (IE) 5.01 Service Pack 4 on the Windows 2000 Service Pack 4 OS and IE 5.5 Service Pack 2 on Windows Millennium, Microsoft said.An attacker could gain control if a user opened a malicious e-mail attachment or if a user were persuaded into visiting a Web site that had a specially-crafted WMF image, Microsoft said. A patch has not been issued, but Microsoft said the issue is under investigation, and an out-of-cycle patch could be provided depending on customer needs. Microsoft typically issues patches on the second Tuesday of the month, due this month on Feb. 14.A second vulnerability could allow a person with low-user privileges gain higher-level access, Microsoft said. Proof-of-concept code that has been released attempts to exploit overly permissive access controls on third-party application services, along with the default services of Windows XP Service Pack 1 and Windows Server 2003, the company said. No attacks have been reported. Microsoft said several factors diminish the threat of the problem. Those running Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 – the latest updates of the software – are not affected, and someone who launches an attack would need authenticated access to the affected operating system, it said.Security vendor Secunia detailed a third vulnerability involving Microsoft’s HTML Help Workshop, software that can create online help for a software application or Web site content.Secunia said the problem “is caused due to a boundary error within the handling of a ‘.hhp’ file that contains an overly long string in the ‘contents file’ field. This can be exploited to cause a stack-based buffer overflow and allows arbitrary code execution when a malicious ‘.hhp’ file is opened.”The bug could allow arbitrary code to be executed on a computer, Secunia said. An exploit has been released, and Secunia advised that untrusted .hhp files not be opened.Jeremy Kirk is a correspondent with the IDG News Service, a Network World affiliate. Related content news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Cloud Computing Data Center news AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer The companies are extending their AI partnership, and one key initiative is a supercomputer that will be integrated with AWS services and used by Nvidia’s own R&D teams. By Andy Patrizio Nov 30, 2023 3 mins CPUs and Processors Generative AI Supercomputers news VMware stung by defections and layoffs after Broadcom close Layoffs and executive departures are expected after an acquisition, but there's also concern about VMware customer retention. By Andy Patrizio Nov 30, 2023 3 mins Virtualization Data Center Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe