Critical Hole in Most Windows Machines Revealed

Microsoft Corp warned yesterday of a "critical" security vulnerability in most recent versions of Windows that could be exploited remotely by a malicious hacker to completely take over a target machine. The company issued a patch for the problem, along with a patch for a less-serious vulnerability, and stressed to users of Windows NT 4.0, 2000, XP and 2003 the importance of applying this latest fix.

The vulnerability is in Microsoft's implementation of Abstract Syntax Notation 1 (ASN.1), a method of representing data Microsoft described as "a language for defining standards". It's another unchecked buffer that, if overrun, allows malicious code to be executed. An attacker with an exploit could take pretty much whatever action they wanted to on the vulnerable machine.

"Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors," Microsoft said in its advisory. "For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability."

This vulnerability was discovered in July 2003 by researchers at eEye Digital Security Inc. eEye's chief hacking officer Marc Maiffret yesterday criticized Microsoft's tardiness in issuing a patch (see separate article in this issue).

In a separate advisory, Microsoft warned of an "Important" patch for its Windows Internet Naming Service (WINS) software, to fix a vulnerability discovered by Qualys Inc. "Important" is Microsoft's second-highest rank for security problems. WINS maps IP addresses to NetBIOS addresses and vice versa. Gerhard Eschelbeck, CTO of Qualys, said the vulnerability, if exploited on the one server, could bring down the entire network of Windows machines that depended on it.