MS03-011: Flaw in the Microsoft VM could enable system compromise

The Microsoft VM is a virtual machine for the Win32operating environment. The Microsoft VM is shipped in most versions of Windows and in most versions of Microsoft Internet Explorer. A new security vulnerability has been reported that affects the ByteCode Verifier component of the Microsoft VM. It occurs because the ByteCode verifier does not correctly look for certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a Web page that would exploit this vulnerability when it was opened. An attacker could then host this malicious Web page on a Web site or could send it to a user in e-mail. The present Microsoft VM has been updated to include a fix for this newly reported security vulnerability. This version of VM includes all previously released fixes to the VM.

There are a number of workarounds that you may be able to apply temporarily while you evaluate and test the new Microsoft VM:

• In an enterprise environment, you can use application filters at the firewall to examine and block mobile code.
• You can use a later Microsoft e-mail client computer, such as a computer that is running Microsoft Outlook 2002 or Outlook Express 6. By default, the e-mail attack vector is prevented in later versions of Outlook. If you are using earlier Microsoft Outlook clients such as clients that are running Outlook 98 or 2000, the e-mail vector is blocked if the Outlook Email Security Update is used.
• You can prevent Java applets from being run in the Internet Explorer Internet zone. Note that if you disable Java applets, your ability to view certain Web pages may be affected. To disable Java applets:
  1. On the Tools menu, click Internet Options, click the Security tab, and then click Custom Level.
  2. In the Settings box, click Disable Java under Java Permissions, click OK, and then click OK again.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

To determine the Microsoft VM build number on a computer that is running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition, follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type command, and then click OK.
3. At the command prompt, type jview, and then press ENTER.
   
   The version information appears on the first line as "Version n.nn.nnnn," where the last four digits are the build number. For example, 5.00.3802 is Microsoft VM build 3802.

To determine the Microsoft VM build number on a computer running Windows NT 4.0, Windows 2000, or Windows XP, follow these steps:

1. Click Start , and then click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type jview, and then press ENTER.
   
   Notice that the version information appears on the first line as "Version n.nn.nnnn," where the last four digits are the build number. For example, 5.00.3802 is Microsoft VM build 3802.

For more information about this vulnerability, visit the following Microsoft Web site:

For more information about how this patch applies to Windows 2000 Service Pack 4, click the following article number to view the article in the Microsoft Knowledge Base: For more information about the differences between Windows XP Service Pack 1 and Windows XP Service Pack 1a, click the following article number to view the article in the Microsoft Knowledge Base: