A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said.
The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.
What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.
"You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."
eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.
"Researchers report vulnerabilities to Microsoft all the time through our established channels in the (Microsoft Security Response Center)," a company representative said. "This is really business as usual...Microsoft investigates all reports and will take the appropriate action for all vulnerability reports depending on customer needs."
The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS will likely be affected.
For Microsoft, this marks the second eEye advisory it's received this week. On Monday, eEye notified the software giant it had found critical vulnerabilities in Internet Explorer.
The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious Web site link.
The flaw, which is rated as a "high" risk, affects IE, Windows XP and SP1, Windows 2003 and Windows 2000.
Microsoft confirmed it received the eEye advisory regarding IE through its standard vulnerability reporting system.
... for any OS. If someone searches long enough, every OS will be found to have similar flaws. The flaws aren't the problem, it's what the OS source does about the flaws. But. maybe this time, there is no fix ??????
1/Don't use Windows 2000 - sounds obvious and I don't necessarily mean switch to a non-Microsoft OS. WinXP is essentially the same OS with uptodate security fixes and a few extra features, Linux is free and you could switch to Apple, although this is an extremely expensive option. 2/Use commercial firewall and antivirus software, keeping both uptodate and switching off as many ports as possible while still having access to the net for browsing and email. 3/Don't connect to the internet - although recent studies have shown that some people actually get withdrawal symptoms from lack of net access, and obviously you are seriously curtailing the usefulness of your computer, it is an option for those that like to live in a closed world of nothingness and depressive-like darkness. Angst ridden teenagers are an example of a subset of this neurotic group of losers, right wing Christian republican extremists another, polically correct do-gooder liberals a third. The world would be better off without any of these people inflicting their drivel in the form of blogs or forums on the rest of us more perfectly minded and correctly attituded beings.
Is there such a thing as a secure windows os? I am behind 2 NAT's and Sygate, never use IE, encrypt my hard drives file system and I still wonder? Windows should come with a warning: This software will enable hackers to gain control of your PC if connected to the Internet.
he should be spending more money on fixing the os he all ready dreated pie in the face again should think so maybe every one should change operating system becouse windows has too many holes in it maybe linux is the go
gates fix it or lose money then again you might be in court from one of your customers
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
found to have similar flaws. The flaws aren't the problem, it's what
the OS source does about the flaws. But. maybe this time, there is
no fix ??????
2/Use commercial firewall and antivirus software, keeping both uptodate and switching off as many ports as possible while still having access to the net for browsing and email.
3/Don't connect to the internet - although recent studies have shown that some people actually get withdrawal symptoms from lack of net access, and obviously you are seriously curtailing the usefulness of your computer, it is an option for those that like to live in a closed world of nothingness and depressive-like darkness. Angst ridden teenagers are an example of a subset of this neurotic group of losers, right wing Christian republican extremists another, polically correct do-gooder liberals a third. The world would be better off without any of these people inflicting their drivel in the form of blogs or forums on the rest of us more perfectly minded and correctly attituded beings.
Fred
gates fix it or lose money then again you might be in court from one of your customers