Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Critical W2K bug unpatched after 105 days

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Critical W2K bug unpatched after 105 days
Date: Wed, 17 Nov 2004 02:45:42 -0600 (CST) 
http://www.smh.com.au/news/Breaking/Critical-W2K-bug-unpatched-after-105-days/2004/11/16/1100384533654.html

By Sam Varghese
November 16, 2004

A critical flaw in Windows 2000, discovered by eEye Digital Security,
is yet to be patched by Microsoft though 105 days have elapsed since
full details of the bug were provided to the software giant.

eEye has characterised the bug as a "remotely-exploitable
vulnerability that allows anonymous attackers to compromise default
installations of the affected software, without requiring user
interaction, and gain absolute access to the host machine."

Details were sent to Microsoft on August 2.

eEye started informing the public of upcoming security advisories last
year. The procedure it follows is to provide the bare details of the
bug and then wait for a patch to be issued before it released full
details of the flaw in question.

Yesterday, eEye sent details of another critical bug - in Windows ME,
Windows 2000, Windows XP and Windows 2003 - to Microsoft.

This was described as "a vulnerability in default installations of the
affected software that allows malicious code to be executed with
minimal user interaction."

Microsoft chief executive officer Steve Ballmer was quoted recently as
saying that patches for Windows were issued swiftly, compared to those
for other operating systems.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Critical W2K bug unpatched after 105 days, InfoSec News <=
Previous by Date:  [ISN] Sarbanes-Oxley kicks in, InfoSec News
Next by Date:  [ISN] Hacker hire costs SecurePoint an ally, InfoSec News
Previous by Thread:  [ISN] Sarbanes-Oxley kicks in, InfoSec News
Next by Thread:  [ISN] Hacker hire costs SecurePoint an ally, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]