Tuesday, June 02, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
E FUN Introduces Affordable Flexx 2-in-1 Windows Tablets
Atmel Showcases System Solution for Wearables at Computex 2015
Sony Delivers New Entry-level Professional Camcorder, New 4K Laser Projection Options And Professional Laser and Lamp Projectors
GLOBALFOUNDRIES Provides Design Flows For 14nm FinFET Chips
COMPUTEX: Shuttle Unveils PCs with Broadwell Core i3, i5 and i7 Processors
Computex: New Dell Inspiron Laptops, 2-in-1 and Desktop Devices For Everyday Computing Needs
SSDs Hit Pricing Sweet Spot
Creative Introduces Draco HS880 Gaming Headset
Active Discussions
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, April 25, 2005
Microsoft Confirms Dangerous Vulnerability in Windows 2000


In atypical fashion, Microsoft program manager Stephen Toulouse remarked on the issue on the Microsoft Security Response Center blog.

Microsoft has confirmed reports that a potentially dangerous security hole exists in Windows 2000 systems and that users could be at risk for attack.

Details about the vulnerability were first reported by Israel-based GreyMagic, which posted details and relevant code on its Web site.

The company issued an advisory warning users that a malicious hacker could use Windows Explorer to navigate through the Windows file system of an unsuspecting user.

Response Call
In atypical fashion, Microsoft program manager Stephen Toulouse remarked on the issue on the Microsoft Security Response Center blog . Usually, Microsoft managers do not comment on specific security issues, especially on a blog.

Toulouse noted that the issue involves the Windows shell, and the company's initial investigation found that significant user interaction would be required for an attacker to exploit the vulnerability.

Microsoft has confirmed that Windows XP , Windows XP SP2 and Windows Server 2003 are not affected by the bug.

Manager Insight "We're also looking into reports of proof of concept code that has been made public that could seek to exploit this reported vulnerability," Toulouse wrote. "On that note, we're not currently aware of any customer impact as a result or an attack that seeks to exploit this vulnerability."

Once Microsoft's investigation is complete, it might decide to provide a fix through an out-of-cycle security update, he added.

In the meantime, he recommended that users block Server Message Block communications at the firewall to protect themselves from possible attack.

Critical Eye
Microsoft has criticized GreyMagic for publishing proof-of-concept code with its advisory, a move that is more true to form for the company, said Secunia security researcher Thomas Kristensen.

"Microsoft very much believes that code should not be made available and freely disclosed in the security community," he said.

As the debate rages over whether to disclose code, the fact remains that Microsoft patches for vulnerabilities like the Windows 2000 flaw are closely watched, Kristensen noted.

"We would hope that Microsoft would release a patch for this quickly," he said. "Microsoft vulnerabilities affect too many people to go unpatched for too long."

From TopTech News



Previous
Next
TiVo looks for an edge        All News        Clever design gives AMD edge over Intel
Sony Europe Announces First PC With DSD, ASIO 2.1 and Blu-Ray Disc     General Computing News      The Death of illegal P2P?

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
It's Official: Windows 10 Available As a Free Upgrade on July 29
Newegg Lists Windows 10 Online, Unveils Price and Availability Date
Research Project Can Interpret, Caption Photos
Microsoft Edge Browser To natively Support Dolby Audio
Microsoft Cortana Coming To Apple and Android Phones
Microsoft, Salesforce Talks Stall On Pricing: report
Microsoft Project Reveals Method For Keeping Cloud Data Private
Microsoft Says Non-Genuine Windows Users Will Not Get A Windows 10 Update
Windows 10 Brings Active Directory Interoperability With The Cloud
Windows 10 To Be Available In 6 Editions
Windows 10 To Support USB Dual Role on Mobile
Microsoft Touts Greater Javascript Performance Of Edge Browser

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .