on Thursday warned of a buffer overrun vulnerability in the way the Windows kernel passes error messages to a debugger and issued a security patch to plug the holes on Windows NT 4.0, Windows 2000 and Windows XP systems.
The vulnerability alert included a warning that an intruder could use the flaw to elevate privileges and a recommendation that sysadmins running susceptible systems install the patch immediately.
The vulnerability carries an 'important' rating, Microsoft's second highest on a four-level scale introduced late last year.
The software giant said the vulnerability exists because an attacker could write a program to exploit this flaw and run code of his or her choice. "An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system," it cautioned.
For an attack to succeed, an intruder would need to be able to logon interactively to the system, either at the console or through a terminal session. A successful attack would also require the introduction of code in order to exploit this vulnerability.
"Because best practices recommends restricting the ability to logon interactively on servers, this issue most directly affects client systems and terminal servers," Microsoft added.
"Standard best practices recommend only allowing trusted administrators to log onto such systems interactively; without such privileges, an attacker could not exploit the vulnerability," the company said.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.