The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.
What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.
"You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."
eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.
"Researchers report vulnerabilities to Microsoft all the time through our established channels in the (Microsoft Security Response Center)," a company representative said. "This is really business as usual...Microsoft investigates all reports and will take the appropriate action for all vulnerability reports depending on customer needs."
The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS will likely be affected.
For Microsoft, this marks the second eEye advisory it's received this week. On Monday, eEye notified the software giant it had found critical vulnerabilities in Internet Explorer.
The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious Web site link.
The flaw, which is rated as a "high" risk, affects IE, Windows XP and SP1, Windows 2003 and Windows 2000.
Microsoft confirmed it received the eEye advisory regarding IE through its standard vulnerability reporting system.

found to have similar flaws. The flaws aren't the problem, it's what
the OS source does about the flaws. But maybe this time, there is
no fix ??????
2/Use commercial firewall and antivirus software, keeping both up to date and switching off as many ports as possible while still having access to the net for browsing and email.
3/Don't connect to the internet - although recent studies have shown that some people actually get withdrawal symptoms from lack of net access, and obviously you are seriously curtailing the usefulness of your computer, it is an option for those that like to live in a closed world of nothingness and depressive-like darkness. Angst ridden teenagers are an example of a subset of this neurotic group of losers, right wing Christian republican extremists another, politically correct do-gooder liberals a third. The world would be better off without any of these people inflicting their drivel in the form of blogs or forums on the rest of us more perfectly minded and correctly attituded beings.
Fred
- mr gates is he smart or not
October 10, 2005 9:29 AM PDT
- he should be spending more money on fixing the os he already created pie in the face again should think so maybe everyone should change operating system because windows has too many holes in it maybe linux is the go
gates fix it or lose money then again you might be in court from one of your customers