New Critical Flaw in Windows? - Tilted Forum Project Discussion Community

SonicRL · 02-10-2004, 06:42 PM

http://news.yahoo.com/news?tmpl=stor...microsoft_dc_4

Quote:

SEATTLE/SAN FRANCISCO (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) on Tuesday said a critical flaw in most versions of its flagship Windows operating system could allow attackers to run malicious programs on personal computers.
In its monthly security bulletin, the world's largest software maker warned that Windows NT, Windows 2000 (news - web sites), Windows XP (news - web sites) and Windows Server 2003 were at risk and offered software updates to fix the flaws, which were given Microsoft's highest severity rating of "critical."

"It does affect all (current) versions of Windows," said Stephen Toulouse, security program manager for Microsoft's Security Response Center. "We're not aware of anyone affected by this at this time."

Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the flaw, criticized Microsoft for taking more than six months to come up with a patch to fix the problem, particularly since the flaw allows an attacker multiple ways to break into a system and could do almost anything they wanted to the system.

"We contacted Microsoft about these vulnerabilities 200 days ago, which is insane," he said. "Even the most secure Windows networks are going to be vulnerable to this flaw, which is very unique."

In response, Toulouse said Microsoft needed to take time to make sure to get the fix right, especially given how pervasive the vulnerability is in the software.

"We wanted to make absolutely sure we were doing as broad an investigation as possible," he said.

Windows users can download the patch for the vulnerability from www.microsoft.com/security.

The obvious steps to take are to run Windows Update and install the patches to fix the vulnerabilities as soon as possible," said Craig Schmugar, a virus research manager at Network Associates Inc.'s (NYSE:NET - news) McAfee anti-virus unit.

The latest fixes for Microsoft's software are unrelated to the latest virus attacks by MyDoom and its variants, Schmugar said.

Microsoft switched to a monthly cycle of releasing security updates in order to make it easier for system administrators to keep their software secure and up to date.

But the company released a critical update a week ago, ahead of Tuesday's scheduled release, in order to fix a patch in its Explorer Web browser that could make PCs vulnerable to attackers.

In addition, Microsoft announced a mid-grade security warning for the latest version of its server products for networked computers.

Two years ago, the Redmond, Washington-based company pledged to make its software products more secure and reliable under an initiative, called Trustworthy Computing, outlined in a companywide memo by Chairman Bill Gates (news - web sites).

But computers running the company's software have been hit by several high-profile attacks, such as the SQL Slammer, Nimda and SoBig attacks.

On Monday, a new worm called "Doomjuice," an offshoot of the MyDoom worm, emerged, which used personal computers compromised by the original MyDoom worm to attack and slow down parts of Microsoft's Web site, according to security experts.

The MyDoom worm, as well as its variant MyDoom.B, were designed to entice e-mail recipients to click open an attachment, which then installed malicious software on a personal computer. The worms then instructed infected PCs to flood the Web sites of the SCO Group Inc. (Nasdaq:SCOX - news) and Microsoft in an effort to shut them down.

Just saw this on Yahoo! So, is it old or new

propaganda · 02-10-2004, 06:47 PM

Two years ago, the Redmond, Washington-based company pledged to make its software products more secure and reliable under an initiative, called Trustworthy Computing, outlined in a companywide memo by Chairman Bill Gates (news - web sites).

This better not speed up the process for them making this Trustworthy Computing legal. That would piss off a hell of a lot of people.

nanofever · 02-10-2004, 08:05 PM

I'm not really worried about Trustworthy computing because it won't fly for a single reason, the government doesn't like having to have MS signoff on its secret apps. This means either A) a hack workaround for governments will be created or B) MS will create a program that auto-signs things and will issue it to the government. Either way it will leak into the public quickly.

Also, MS will never ever see another dime of mine if they started using trusted computing (not that it will change anything since I don't pay they now).

02-10-2004, 08:05 PM	#3 (permalink)
nanofever Huzzah for Welcome Week, Much beer shall I imbibe. Location: UCSB	I'm not really worried about Trustworthy computing because it won't fly for a single reason, the government doesn't like having to have MS signoff on its secret apps. This means either A) a hack workaround for governments will be created or B) MS will create a program that auto-signs things and will issue it to the government. Either way it will leak into the public quickly. Also, MS will never ever see another dime of mine if they started using trusted computing (not that it will change anything since I don't pay they now). __________________ I'm leaving for the University of California: Santa Barbara in 5 hours, give me your best college advice - things I need, good ideas, bad ideas, nooky, ect. Originally Posted by Norseman on another forum: "Yeah, the problem with the world is the stupid people are all cocksure of themselves and the intellectuals are full of doubt."

02-10-2004, 06:47 PM	#2 (permalink)
propaganda Psycho	Two years ago, the Redmond, Washington-based company pledged to make its software products more secure and reliable under an initiative, called Trustworthy Computing, outlined in a companywide memo by Chairman Bill Gates (news - web sites). This better not speed up the process for them making this Trustworthy Computing legal. That would piss off a hell of a lot of people.