New flaw found in XP and Windows 2000

A new flaw discovered in two of Microsoft's operating systems is leaving machines vulnerable to hack attacks.

The "moderately critical" issue was discovered by Danish security research firm Secunia in Windows 2000 and XP, although the company indicated it could affect other versions too.

In a security advisory, Secunia said: "The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function."

"Successful exploitation may allow execution of arbitrary code."

Secunia has claimed the solution to the bug would be to "restrict access to applications allowing user-controlled input to be passed to the vulnerable function."

Microsoft acknowledged the concerns via its Microsoft Security Response Twitter feed and said: "We are investigating reports of a vulnerability in mfc42.dll affecting Windows 2000 and XP. Will update when we have more information."

Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.

Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.