A serious security flaw in Microsoft’s virtual machine (VM) found on most Windows PCs could allow an attacker to take over a user’s system, Microsoft warned late Wednesday. A fixed version of the software is available.Microsoft’s VM is used for running Java applications on Windows PCs and comes with most Windows and Internet Explorer versions. All builds up to and including build 5.0.3805 are affected by eight security flaws, six of which pose a “low” or “moderate” risk to users, Microsoft said in a security bulletin.Two vulnerabilities, however, are serious. Exploiting a “critical” flaw in a security feature of the VM could allow an attacker to gain control over a user’s system, while another “important” flaw could be exploited to trick the VM into giving an attacker read access to files on a user’s PC and network drives, Microsoft said.Under Microsoft’s security rating system, changed last month, critical vulnerabilities are those that could be exploited to allow malicious Internet worms to spread without user action. Important are those vulnerabilities that could expose user data or threaten system resources. An attacker could exploit the VM flaws by luring a user to an especially coded Web page or sending that page via HTML e-mail, Microsoft said. The Redmond, Wash., company urges users to upgrade to VM build 3809, which is available from the Windows Update Web site.Users can check if and what version of Microsoft’s VM is installed by opening a command box and entering “jview.” VM is installed when a program runs. The version number appears in the topmost line. Also on Wednesday, Microsoft issued two other security bulletins warning of issues with various Windows versions.Deemed “important” is a privilege-elevation vulnerability in Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. A malicious user could gain administrative privileges on a system by exploiting the flaw which lies in a Windows function, Microsoft said in another security bulletin.A third Microsoft bulletin details a “moderate” risk vulnerability in Windows 2000 and Windows XP without Service Pack 1 installed. An attacker could change group policy data received by client systems by silently disabling the signing of Server Message Block packets, Microsoft said. Related content news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Technology Industry Technology Industry brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Servers Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe