A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said.
The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.
What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.
"You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."
eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.
"Researchers report vulnerabilities to Microsoft all the time through our established channels in the (Microsoft Security Response Center)," a company representative said. "This is really business as usual...Microsoft investigates all reports and will take the appropriate action for all vulnerability reports depending on customer needs."
The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS will likely be affected.
For Microsoft, this marks the second eEye advisory it's received this week. On Monday, eEye notified the software giant it had found critical vulnerabilities in Internet Explorer.
The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious Web site link.
The flaw, which is rated as a "high" risk, affects IE, Windows XP and SP1, Windows 2003 and Windows 2000.
Microsoft confirmed it received the eEye advisory regarding IE through its standard vulnerability reporting system.
By Dawn Kawamoto
This story was printed from ZDNet News,
located at http://news.zdnet.com
And that, kids, is why you should always use a firewall.
'Minimal collateral damage' and 'entire star system' do /not/ belong in the same sentence.
- Schlock Mercenary