| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft ASN flaw may be biggest defect ever found | |
|
||
| Time: 16:50 EST/21:50 GMT | News Source: SearchWin2000.com | Posted By: Byron Hinson | ||
|
Enterprises are scrambling to patch their systems in the wake of Microsoft Corp.'s vulnerability blitz Tuesday that revealed a critical flaw affecting multiple Windows operating systems. The vulnerability can permit an unauthenticated, remote attacker to execute arbitrary code with system privileges. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 302 Last | Next |
The time now is
11:34:01 AM
ET.
Any comment problems? E-mail us |
| #1 By 20 (24.173.210.58) at 2/11/2004 5:29:37 PM |
|
These things are simply impossible to prevent. No amount of code review, expert programmers, etc will ever prevent all bugs.
The only solution is to use managed code and have processors that prevent stack corruption and have clearly delineated code/data segments. MS is working with Intel and AMD to get this into processors ASAP. My guess is that this may be yet another security reason why Windows XP SP2 is being delayed so much (add this to the top of the new firewall, new segregated kernel driver member space, etc). |
| #2 By 2332 (207.31.248.12) at 2/11/2004 7:23:11 PM |
|
Biggest.
Flaw. Ever. (Had to be said.) |
| #3 By 3339 (64.160.58.135) at 2/12/2004 12:34:57 PM |
| This comment has been removed due to a violation of the Active Network Terms of Use. |
| #4 By 3339 (64.160.58.135) at 2/12/2004 4:19:29 PM |
| This comment has been removed due to a violation of the Active Network Terms of Use. |
| #5 By 3339 (64.160.58.135) at 2/12/2004 4:24:07 PM |
|
"I note that one is dated December 20, 2003. "
I note that a fix is available too. "January 21, 2004 Sun Alert #57472: The Internet Key Exchange (IKE) in Solaris 9 uses ASN.1 code from SSH Inc. A buffer overflow vulnerability has been found in the in.iked(1M) daemon. PLATFORM: Sun Solaris 9 on SPARC and x86 platforms" Also patched. "OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability http://www.securityfocus.com/bid/8970 updated Dec 03, 2003" Updated, because it was discovered in November and patched by Dec. 3rd. What is your point? That other vendors are much more responsive than Microsoft. That does appear to be the case, doesn't it? |
| #6 By 3339 (64.160.58.135) at 2/12/2004 4:26:23 PM |
|
Shall we look at some of the Microsoft flaws which remain UNpatched:
http://www.eeye.com/html/Research/Upcoming/index.html Maybe Microsoft can beat their own pathetic response time on some of these. |
| #7 By 3339 (64.160.58.135) at 2/12/2004 4:29:34 PM |
|
"Because it is now standard for the Unices to use open source software, most of them are vulnerable to every security hole in open source.
That means you can find dozens of references to Unix and ASN.1 vulnerabilities for each flavor of Unix affecting OpenSSL, Apache and a bunch of others. The advisories are recent." And how does this NOT apply to Microsoft? Windows, Outlook, and numerous other apps are just as, if not more, dependent on the ISO/IEC, ITU standard that is ASN.1. |
| #8 By 3339 (64.160.58.135) at 2/12/2004 4:46:27 PM |
|
And now apparently Windows 2000 and NT4 are floating around the net in source form. Ha, ha, ha!
Lovely couple of weeks for MSFT. This post was edited by sodajerk on Thursday, February 12, 2004 at 19:49. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 302 Last | Next |
The time now is
11:34:01 AM
ET.
Any comment problems? E-mail us |
