Friday, February 12, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
AMD Zen Processor For Data centers May Have 32 Cores
Quantum Break Coming to Xbox One and Windows 10 on April 5
Samsung Showcases Latest Monitors, TVs, Smartpwatch And Tablet At 2016 European Forum
Qualcomm Announces Three New Snapdragon Processors, Wear Platform And First Gigabit Class LTE Modem
TSMC Wins Exclusive Chip Contract For Next iPhone: report
LG Introduces Touch-Enabled Quick Phone Cover For LG G5 Smartphone
Oculus Starts Offering Discounted Computers To Early Virtual Reality Adopters
Archos 50d Oxygen Launching At MWC
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
 Home > News > General Computing > Russian...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, February 01, 2005
Russian company picks hole in XP Service Pack 2


Russian security company, Positive Technologies, has released a patch to a security hole it said it discovered in Microsoft's Windows XP Service Pack 2 (SP2) last year.

"We found two small flaws that a programmer could use to go around the SP2 mechanism Data Execution Protection [DEP]," Positive Technologies chief technology officer, Yury Maximov, said.

As Microsoft explains on its website, DEP is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. According to Maximov, Positive Technologies informed the software maker on December 22 about a problem with DEP and was told to wait for a response from the company.

"It has been over one month and we have not heard from Microsoft, so we decided to issue our own patch," Maximov said. "We understand that Microsoft wants to protect its product, but we feel it is more important for people to know about the problem and to know there is a tool to protect them."

He said that it was his understanding that hacker groups were already working on ways to exploit the holes in DEP so as to insert rogue code into a PC's memory.

Microsoft is still investigating the issue, but early analysis indicates the bypassing of DEP and the heap overflow protection feature in Windows XP SP2 is not a security vulnerability, a Microsoft spokesperson said.

"An attacker cannot use this method by itself to attempt to run malicious code on a user's system," she said.

Microsoft was also not aware of any attack exploiting the issue, the spokesperson said.

"Customers are not at risk from the situation,' she said.

Still, Microsoft is looking at ways to prevent the bypassing of the Windows XP SP2 protection features either through an update as part of its monthly security patch cycle or in a service pack, the spokesperson said.

Positive Technologies, in Moscow, haes developed a temporary security measure, which it made available as a free utility called PTmsHORP, Maximov said.

The security hole could not be fully eliminated by a separate patch, he said, and Positive Technologies assumed Microsoft was not going to publish the problem or issue a security fix before the release of Service Pack 3.

But some analysts question the wisdom of downloading third-party patches.

"Personally, I would not advise people installing such patches," Ovum analyst, Graham Titterington, said. "There is a lot of danger in installing patches from people or companies you're not absolutely sure of. Chances are there wouldn't be a problem, but that is a risk not worth taking."

When other companies made publicly known the security problems within Microsoft products such as SP2, it put pressure on Microsoft to address the issue, Titterington said, but publishing third-party patches could possibly further the problem.

"I agree that not having heard from Microsoft for a month was slightly undesirable, but the response time for situations like this are usually more like three months," Titterington said.

The PTmsHORP utility can be can be found online for download at www.ptsecurity.ru/ptmshorp.asp or at www.maxpatrol.com/ptmshorp.asp.

From IDG News Service



Previous
Next
Casio Introduces New EX-P505 Digital Camera        All News        Mobile malware kills Symbian service
MSI launches its new MEGA STICK series - MEGA STICK 527     General Computing News      Virus writer goes to jail

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft Buys SwiftKey
Microsoft Wants To Take The Data Center Underwater
Microsoft Cloud And Server Business Help Company's Earnings
Microsoft releases CNTK Deep Learning Toolkit
Microsoft Recalls AC Power Cord for Surface Pro
Microsoft To Donate $1 billion in Cloud Computing Resources
Microsoft Turns Minecraft Into An Education Tool
Microsoft To Stop Supporting Internet Explorer 8, 9 And 10 On January 12
Microsoft Faces Antitrust Probe In China
Microsoft To Notify Users Of Suspected Hacking By Governments
Microsoft To Bring Windows 10 to Public Sector Customers in China
Microsoft Says SmartScreen Protects From Drive-by Attacks

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .