ProWrestling Fans Forum

Nullpunkt · 11 Feb 2004, 10:56 AM

Microsoft Warns on Windows Security Flaws

WASHINGTON (AP) - Microsoft Corp. warned customers Tuesday about unusually serious security problems with its Windows software that could let hackers quietly break into their computers to steal files, delete data or eavesdrop on sensitive information.
Microsoft, which learned about the flaws more than six months ago from researchers, said the only protective solution was to apply a repairing patch it offered on its Web site. It assessed the threat to computer users as ``critical,'' its highest rating.
A Microsoft security executive, Stephen Toulouse, said the flawed software was ``an extremely deep and pervasive technology in Windows,'' and urged customers to apply the patch immediately.

*The Department of Homeland Security also warned Americans about the software problems with e-mails sent across its new national cyber-alert system.

The disclosure comes just weeks before Microsoft Chairman Bill Gates delivers a keynote speech in San Francisco at one of the industry's most important security trade conferences. Microsoft has struggled in recent months against a tide of renewed criticism about security risks in its software, the engine for computers in most of the world's governments, corporations and homes.

``This is one of the most serious Microsoft vulnerabilities ever released,'' said Marc Maiffret of eEye Digital Security Inc. of Aliso Viejo, Calif., which discovered the new Windows flaws. ``The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system.''

Maiffret said some computer systems that control critically important power or water utilities were vulnerable.

Maiffret predicted hackers will try to unleash a damaging Internet infection within weeks. Unlike earlier vulnerabilities that spawned such attacks, hackers can exploit the newly disclosed flaws to break into susceptible computers using dozens of methods, making any defense far more difficult.

``The race will be on,'' agreed Marcus Sachs, a former White House adviser on cybersecurity.

Researchers at eEye discovered the problems last July and agreed to keep quiet about them until Microsoft could fix them. Maiffret complained that the delay between eEye's discovery and Tuesday's public disclosure by Microsoft was ``just totally unacceptable'' because Windows users were broadly vulnerable during the period.

Toulouse said Microsoft took months because it wanted to ensure that a single repairing patch solved any related problems. ``We really took the steps to make sure our investigation was as broad and deep as possible,'' he said.

Maiffret and Microsoft said they were unaware anyone had yet attacked Windows computers using the technique, although eEye had successfully tested the method to break into its own computers.

Microsoft's disclosure occurred just days before a presidential advisory council submits recommendations to the White House about ways technology companies should respond to major software vulnerabilities that could affect national security. The 54-page report, obtained by The Associated Press, cautions that ``long delays in remediation can result in prolonged risk to end users.''

The problems affected a technology in the newest versions of Windows known as ``abstract syntax notation,'' a way to share data across different computers. Some of Microsoft's built-in security features - such as its Kerberos cryptography system - rely on the flawed software.

Microsoft urged consumers to apply the repairing patch immediately if they were using Windows NT, Windows 2000 or Windows XP versions of its software, or its Windows NT Server, Server 2000 and Server 2003 software commonly found in corporations.

Exo · 24 Feb 2004, 12:00 PM

well, did anyone actually do anything about this? Or is it just another patch up for the pc which will prolly need another patch in a week or so?

Toof · 24 Feb 2004, 12:14 PM

The article states that the problem was solved. But meh I don't trust Microsoft on securing my system. Thats why I use Norton Internet Security and it works like a charm.

11 Feb 2004, 10:56 AM	#1 (permalink)
Nullpunkt givin you the evil eye... Join Date: Jun 2003 Location: Toronto Posts: 2,646 Rep Power: 20	Microsoft Operating Systems problem: huge security flaw discovered (PLEASE READ) Microsoft Warns on Windows Security Flaws WASHINGTON (AP) - Microsoft Corp. warned customers Tuesday about unusually serious security problems with its Windows software that could let hackers quietly break into their computers to steal files, delete data or eavesdrop on sensitive information. Microsoft, which learned about the flaws more than six months ago from researchers, said the only protective solution was to apply a repairing patch it offered on its Web site. It assessed the threat to computer users as ``critical,'' its highest rating. A Microsoft security executive, Stephen Toulouse, said the flawed software was ``an extremely deep and pervasive technology in Windows,'' and urged customers to apply the patch immediately. *The Department of Homeland Security also warned Americans about the software problems with e-mails sent across its new national cyber-alert system. The disclosure comes just weeks before Microsoft Chairman Bill Gates delivers a keynote speech in San Francisco at one of the industry's most important security trade conferences. Microsoft has struggled in recent months against a tide of renewed criticism about security risks in its software, the engine for computers in most of the world's governments, corporations and homes. ``This is one of the most serious Microsoft vulnerabilities ever released,'' said Marc Maiffret of eEye Digital Security Inc. of Aliso Viejo, Calif., which discovered the new Windows flaws. ``The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks, pretty much any system.'' Maiffret said some computer systems that control critically important power or water utilities were vulnerable. Maiffret predicted hackers will try to unleash a damaging Internet infection within weeks. Unlike earlier vulnerabilities that spawned such attacks, hackers can exploit the newly disclosed flaws to break into susceptible computers using dozens of methods, making any defense far more difficult. ``The race will be on,'' agreed Marcus Sachs, a former White House adviser on cybersecurity. Researchers at eEye discovered the problems last July and agreed to keep quiet about them until Microsoft could fix them. Maiffret complained that the delay between eEye's discovery and Tuesday's public disclosure by Microsoft was ``just totally unacceptable'' because Windows users were broadly vulnerable during the period. Toulouse said Microsoft took months because it wanted to ensure that a single repairing patch solved any related problems. ``We really took the steps to make sure our investigation was as broad and deep as possible,'' he said. Maiffret and Microsoft said they were unaware anyone had yet attacked Windows computers using the technique, although eEye had successfully tested the method to break into its own computers. Microsoft's disclosure occurred just days before a presidential advisory council submits recommendations to the White House about ways technology companies should respond to major software vulnerabilities that could affect national security. The 54-page report, obtained by The Associated Press, cautions that ``long delays in remediation can result in prolonged risk to end users.'' The problems affected a technology in the newest versions of Windows known as ``abstract syntax notation,'' a way to share data across different computers. Some of Microsoft's built-in security features - such as its Kerberos cryptography system - rely on the flawed software. Microsoft urged consumers to apply the repairing patch immediately if they were using Windows NT, Windows 2000 or Windows XP versions of its software, or its Windows NT Server, Server 2000 and Server 2003 software commonly found in corporations. __________________

24 Feb 2004, 12:00 PM	#2 (permalink)
Exo Now, even sexier! Join Date: Aug 2002 Posts: 16,845 Rep Power: 5819	well, did anyone actually do anything about this? Or is it just another patch up for the pc which will prolly need another patch in a week or so? __________________ Click to subscribe to the podcast feed or Download Episode 33 and give your feedback in the KPWF room. DEV INTERVIEW IS POSTED!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Jerome, Huge pussy or huge bitch, you decide.	Exo	WarZone	17	16 Jul 2006 11:34 AM
Bands you have recently discovered	GDAWG	Entertainment	12	24 Apr 2005 04:20 PM
Operating System	Amniva	Suggestion Box	2	30 Oct 2003 12:04 PM
What Systems do you have?	KawasakIcon	Games & Technology	16	27 Apr 2003 11:08 PM

24 Feb 2004, 12:14 PM	#3 (permalink)
Toof I hate people Join Date: Sep 2002 Posts: 14,666 Rep Power: 132	The article states that the problem was solved. But meh I don't trust Microsoft on securing my system. Thats why I use Norton Internet Security and it works like a charm.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)