Critical Hole in Most Windows Machines Revealed.

Microsoft Corp warned yesterday of a "critical" security vulnerability in most recent versions of Windows that could be exploited remotely by a malicious hacker to completely take over a target machine.

The company issued a patch for the problem, along with a patch for a less-serious vulnerability, and stressed to users of Windows NT 4.0, 2000, XP and 2003 the importance of applying this latest fix.

The vulnerability is in Microsoft's implementation of Abstract Syntax Notation 1 (ASN.1), a method of representing data that Microsoft described as "a language for defining standards".

It's another unchecked buffer that, if overrun, allows malicious code to be executed. An attacker with an exploit could take pretty much whatever action they wanted to on the vulnerable machine.

"Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors," Microsoft said in its advisory. "For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability."

This vulnerability was discovered in July 2003 by researchers at eEye Digital Security Inc. eEye's chief hacking officer Marc Maiffret yesterday criticized Microsoft's tardiness in issuing a patch (see separate article in this issue).

In a separate advisory, Microsoft warned of an "Important" patch for its Windows Internet Naming Service software, to fix a vulnerability discovered by Qualys Inc. "Important" is Microsoft's second-highest rank for security problems.

WINS maps IP addresses to NetBIOS addresses and vice versa. Gerhard Eschelbeck, CTO of Qualys, said the vulnerability, if exploited on one server, could bring down the entire network of Windows machines that depended on it.
COPYRIGHT 2004 Datamonitor
Copyright 2004 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:Microsoft Corp warns
Publication:Computergram International
Article Type:Brief Article
Geographic Code:1USA
Date:Feb 11, 2004