Microsoft Investigates 'Moderately Critical' Windows XP Bug

Dennis Faas's picture

Microsoft is currently investigating the emergence of a new critical bug affecting users of Windows 2000 and Windows XP. The Redmond-based firm made the announcement via Twitter on Tuesday, and says the issue can be found in the dynamic link library (.DLL) file "mfc42.dll."

Security firm Secunia posted a detailed report, which they say is based on a third-party proof-of-concept exploit. It's suggested that the vulnerability can be exploited via PowerZip version 7.2 Build 4010, among other utilities that use the mfc42.dll file.

Bug Affects Moderately Popular Component

The mfc42.dll file is a component of Microsoft Foundation Classes (MFC), a C++ application framework. It's not as popular as it once was, but remains useful enough to cause serious problems. Microsoft has for some time encouraged developers to seek alternatives to mfc42.dll.

The bug, which is related to a boundary error, can eventually result in a stack-based buffer overflow, says Secunia. What average users of Windows XP and Windows 2000 need to know is that this overflow can compromise the security of their machines.

Secunia: Issue "Moderately Critical"

Secunia says the vulnerability could allow malicious code to be executed if exploited properly, and on that basis the security firm has deemed the issue "moderately critical."

Although Windows XP and 2000 are confirmed affected by the bug, Secunia hasn't ruled out the possibility that other Microsoft operating systems could be vulnerable, too. However, it's more than likely that security updates added to Windows Vista and Windows 7 would block an attempt to exploit the flaw.

"Microsoft is investigating new public claims of a possible vulnerability in Windows 2000 and Windows XP," said company group manager Jerry Bryant, who said he's unaware of any attempts to exploit the code in order to launch an attack.
