A newly discovered and as-yet-unpatched security vulnerability in Windows XP could let an attacker remotely crash computers.
The flaw affects the Windows Remote Desktop Service, which lets users access their Windows PC from a remote location. An attacker could remotely exploit the problem to crash a victim's PC in what's known as a denial-of-service attack, according to a posting on the Security Protocols Web site earlier this week. The user would then see the Windows "blue screen of death."
Microsoft knows of the security flaw and is working on a patch, a company representative said on Friday.
"The issue was originally privately reported to Microsoft and we are working on an update that will be released when it is of the appropriate quality," the representative said. "The concern is that this has now gone public, potentially putting customers at risk."
According to the Security Protocols Web site, Microsoft was informed of the problem on May 4 and plans to release a patch as part of its August update cycle. Fully patched Windows XP machines--including those with the Service Pack 2 update and the firewall enabled--are vulnerable, according to Security Protocols.
In its initial review of the bug, Microsoft found that an attacker would not be able to run code on the victim's PC, but the attacker could cause the computer to stop responding, the representative said. Also, only computers that have the Remote Desktop Service enabled are vulnerable, she said. Windows ships with the service disabled, according to Microsoft.
Security researchers at iDefense are also looking into the vulnerability. "It does not look like it is more than a DoS," said Michael Sutton, a lab director at iDefense. "An attacker won't be able to take over your PC, but could knock it offline."
Security monitoring company Secunia rates the vulnerability "moderately critical," it said in an advisory issued on Thursday.
Microsoft said it is not aware of attacks that try to use the new vulnerability.
Reports of the new Windows flaw come in the same week that Microsoft patched two "critical" Windows vulnerabilities. Both those Windows flaws are actively being exploited by attackers, the Redmond, Wash., software giant said on Tuesday.
...knowing that you have a security problem with your operating system?
Why would you feel it necessary to put millions of PC users at risk of a DoS attack, in lieu of just patching the problem like you have been in the past 3 and a half years?
At this point in time you [Microsoft] are knowingly and willingly putting consumers at risk of damaging important data across the board, including but not limited to consumers and corporations alike.
Your laid back approach to security patches that deal with worms and viruses is convenient to your operation at the cost of consumers. This is a practice that seems evident at Microsoft over the course of the company's existence.
In retrospect, why would you [Microsoft] think that your next operating system would show any improvement or gain over the prevailing OS, XP?
The technologies that you represent in future OS's is that of "yesterday's news", and have been used by the likes of Apple and the Mozilla Foundation in previous years.
The be all, end all question is? It's almost four years Microsoft, over 300 security holes and counting; how can you improve that in your upcoming Operating System?
-Justin
Due to the major security flaws in Windows, I have come to always expect the worst. I'm not the least bit surprised when a new flaw arises from Windows.
The fun bit is that MS do NOT patch security holes UNTIL they are exploited. This is what gives OSS the advantage. When someone sees a flaw then a patch is developed and released hopefully before someone can exploit it. MS just say "it hasn't been exploited so we don't need to take action". Quite a pathetic attitude. Thank god I rely on Linux. At least THEY care about the users of their OS.
So a user can crash your PC from across the globe... No need. It crashes from normal usage, why bother to crash it manually? Thank God for my linux desktop with an uptime of 6 months. Cnet should go out and find some real news like: windows not crashing for an instance (and I don't mean the Microsoft funded 'independent' surveys).