Critical Windows Flaws Discovered
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
Vulnerabilities recently found in the Windows operating system could lead to the emergence of worms with the potential to inflict as much damage as the previous Zotob, Sasser, and Blaster viruses, security authorities warned.
The most serious of the flaws could allow remote access to the Microsoft (Nasdaq: MSFT - news) Distributed Transaction Coordinator (MSDTC), a component of the operating system used to coordinate transactions between databases, messaging systems, and file systems across networked machines.
When exploited, this flaw gives attackers the ability to run remote commands with full system privileges.
Exploit Coming SoonGiven that larger organizations often have the most difficulty quickly patching vulnerable systems, a worm based on this vulnerability could wreak havoc on large enterprises.
Exploit code for this vulnerability already has been written by a security firm, so it probably won't take long for worm to be created, said Alfred Huger, senior director of engineering at Symantec Security Response.
"This exploit matches well with a worm, and the impact will depend on the number of people who install the necessary patches," he said.
Other critical discoveries include remotely exploitable flaws in Windows Media Player, Windows ActiveX, and the Plug and Play service of the Windows operating system. These critical security flaws affect Windows NT, 2000, XP, and Windows Server 2003 machines.
If left unpatched, the vulnerabilities could enable an attacker to install programs, change or delete data, or create new accounts with full system privileges.
Customer Responsibility
With millions of installations around the world,
Windows 2000 represents a significant percentage of all Windows servers running today.
"Microsoft has patches available for businesses and consumers, but the problem for enterprises is that they have to be careful in applying the patches, which can damage complex computer systems," Huger said.
Yankee Group senior analyst Andrew Jaquith noted that hackers now can launch scripted attacks that exploit software vulnerabilities in a matter of hours.
"Microsoft is doing the best that it can to address the problems, but they are on a running on a treadmill," he said. "They can issue the patches, but it's up to their customers to remain vigilant and to upgrade their operating systems to more secure products as soon as they able to do so."
Article submitted by: Some1
Last Update: 10-15-2005
Category: Security
The most serious of the flaws could allow remote access to the Microsoft (Nasdaq: MSFT - news) Distributed Transaction Coordinator (MSDTC), a component of the operating system used to coordinate transactions between databases, messaging systems, and file systems across networked machines.
When exploited, this flaw gives attackers the ability to run remote commands with full system privileges.
Exploit Coming SoonGiven that larger organizations often have the most difficulty quickly patching vulnerable systems, a worm based on this vulnerability could wreak havoc on large enterprises.
Exploit code for this vulnerability already has been written by a security firm, so it probably won't take long for worm to be created, said Alfred Huger, senior director of engineering at Symantec Security Response.
"This exploit matches well with a worm, and the impact will depend on the number of people who install the necessary patches," he said.
Other critical discoveries include remotely exploitable flaws in Windows Media Player, Windows ActiveX, and the Plug and Play service of the Windows operating system. These critical security flaws affect Windows NT, 2000, XP, and Windows Server 2003 machines.
If left unpatched, the vulnerabilities could enable an attacker to install programs, change or delete data, or create new accounts with full system privileges.
Customer Responsibility
With millions of installations around the world,
Windows 2000 represents a significant percentage of all Windows servers running today.
"Microsoft has patches available for businesses and consumers, but the problem for enterprises is that they have to be careful in applying the patches, which can damage complex computer systems," Huger said.
Yankee Group senior analyst Andrew Jaquith noted that hackers now can launch scripted attacks that exploit software vulnerabilities in a matter of hours.
"Microsoft is doing the best that it can to address the problems, but they are on a running on a treadmill," he said. "They can issue the patches, but it's up to their customers to remain vigilant and to upgrade their operating systems to more secure products as soon as they able to do so."
Article submitted by: Some1
Last Update: 10-15-2005
Category: Security
Current rating: 5.4 by 45 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,413 reads) 07-05-2008
· Fusion Security(15,104 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,860 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,334 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,830 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,592 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,616 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,342 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,181 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,568 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.