Worm hole found in Windows 2000



It seems the hole in Windoze 2000 cannot be worked around at the moment
until it gets fixed. Try explaining that away, M$ drones.

http://tinyurl.com/8ewue

Worm hole found in Windows 2000
Published: August 3, 2005, 1:40 PM PDT
By Dawn Kawamoto
Staff Writer, CNET News.com


A serious flaw has been discovered in a core component of Windows 2000,
with no possible work-around until it gets fixed, a security company
said.

The vulnerability in Microsoft's operating system could enable remote
intruders to enter a PC via its Internet Protocol address, Marc
Maiffret, chief hacking officer at eEye Digital Security, said on
Wednesday. As no action on the part of the computer user is required,
the flaw could easily be exploited to create a worm attack, he noted.

What may be particularly problematic with this unpatched security hole
is that a work-around is unlikely, he said.

"You can't turn this (vulnerable) component off," Maiffret said. "It's
always on. You can't disable it. You can't uninstall."

eEye declined to give more details on the flaw or the Windows 2000
component in question. As part of company policy, it does not release
technical details of the vulnerabilities it finds until the software's
maker has released either a patch or an advisory.

A Microsoft representative said the software giant will issue a comment
once it has had a chance to review the eEye advisory, which has yet to
be posted on the security company's Web site.




The vulnerabilities affect Windows 2000, but Maiffret noted eEye is
still conducting tests, and he anticipates other versions of Microsoft's
OS will likely be affected.

For Microsoft, this marks the second eEye advisory it's received this
week. On Monday, eEye notified the software giant it had found critical
vulnerabilities in Internet Explorer.

The IE vulnerabilities could allow malicious attackers to launch a
remote buffer overflow attack should users click on a malicious Web site
link.

The flaw, which is rated as a "high" risk, affects IE, Windows XP and
SP1, Windows 2003 and Windows 2000.

Microsoft confirmed it received the eEye advisory regarding IE through
its standard vulnerability reporting system.

"We are investigating the report and will take appropriate action to
help protect customers as part of our normal security response process,"
a Microsoft representative said. Microsoft issues a monthly bulletin of
patches and also has a program of security advisories with work-arounds
for unpatched, reported flaws.