Skip to comments.
Microsoft ASN Buffer Overflow in Tandem with Windows 2000 Source Code Leak Could Spell Doom
Slashdot, Microsoft, Information Week ^
| 2004-02-12
| Vanity
Posted on 02/12/2004 8:03:32 PM PST by mosel-saar-ruwer
Folks, this could be very, very bad.
Earlier this week, news arrived of a fundamental flaw in Microsoft's security infrastructure, involving a buffer overflow in Microsoft's implementation of the Abstract Syntax Notation [or ASN] protocol. This flaw allows a malicious user to gain complete control of Microsoft's flagship operating systems:
Microsoft Warns Of Major Windows Security FlawsWhile Microsoft tagged two of the three vulnerabilities as "critical," its highest-ranked warning, one is of special concern. The vulnerability relates to Windows Abstract Syntax Notation, a language used to define the syntax of data messages shared between applications and computers. Any flaw in Windows' implementation of ASN is by definition critical, since the ASN library is widely used by the operating system's security subsystems, including Kerberos and NTLM authentication, as well as by applications that use digital certificates, including SSL, digitally signed E-mail, and the ActiveX controls utilized by Internet Explorer.
"These flaws can be detected and exploited remotely, and have the potential to cause serious damage if not immediately remediated," said executives at eEye Digital Security, the firm which uncovered the problem in July 2003.
http://informationweek.com/story/showArticle.jhtml?articleID=17602883
This flaw was so fundamental to Microsoft's implementations that it took them SIX MONTHS to regression test the patch, which is available here: http://windowsupdate.microsoft.com
Earlier today, a rumor spread like wildfire that Microsoft source code had leaked onto the internet: Windows 2000 & Windows NT 4 Source Code Leakshttp://slashdot.org/article.pl?sid=04/02/12/2114228
That rumor has since been confirmed by Microsoft: Microsoft Source Code Leaked Over Web Microsoft Corp. (MSFT) said late Thursday that portions of its Windows source code - the tightly guarded blueprints of its dominant operating system - had been leaked over the Internet.
http://apnews.myway.com/article/20040213/D80M46CO1.html
Worst case scenario: The bad guys get their hands on enough of the Windows 2000 source code to pinpoint the ASN buffer overflow, and, in the very near future, users everywhere begin to lose control of their security infrastructures...
TOPICS: Business/Economy; Crime/Corruption; Technical; US: Washington
KEYWORDS:
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 321-327 next last
Please, please, please: PATCH YOUR SYSTEMS!!!
To: KayEyeDoubleDee
Bump.
To: mosel-saar-ruwer
Please, please, please: PATCH YOUR SYSTEMS!!!
____________________
Will do, right away! Wait..How on earth do I patch my system?
3
posted on
02/12/2004 8:05:44 PM PST
by
PeteFromMontana
(Liberal is a dirty word... just call a liberal a liberal and see what they say)
To: mosel-saar-ruwer
I'm glad Windows 2000 isn't used to fly planes.
4
posted on
02/12/2004 8:06:30 PM PST
by
Paleo Conservative
(Do not remove this tag under penalty of law.)
To: PeteFromMontana
Oh...Windows Update? I do that, but even that is controversial. I have read on this very site that I should not do the updates. What's a point and click computer user to do?
5
posted on
02/12/2004 8:07:18 PM PST
by
PeteFromMontana
(Liberal is a dirty word... just call a liberal a liberal and see what they say)
To: PeteFromMontana
To: Paleo Conservative
I'm glad Windows 2000 isn't used to fly planes.MS Flight Sim doesn't count?
7
posted on
02/12/2004 8:07:55 PM PST
by
_Jim
( <--- Ann C. and Rush L. speak on gutless Liberals (RealAudio files))
To: PeteFromMontana
Windows should automatically come up and give you critical updates.
If it doesn't...go here and follow the instructions.
windowsupdate.microsoft.com
8
posted on
02/12/2004 8:07:58 PM PST
by
ConservativeMan55
(You...You sit down! You've had your say and now I'll have mine!!!!)
To: PeteFromMontana
What's a point and click computer user to do? If you are a small businessman running your own shop, or even just a home user with e.g. so little as TurboTax income tax records on your computer, it is IMPERATIVE that you patch for this vulnerability.
To: Paleo Conservative
10
posted on
02/12/2004 8:09:12 PM PST
by
ConservativeMan55
(You...You sit down! You've had your say and now I'll have mine!!!!)
To: mosel-saar-ruwer
11
posted on
02/12/2004 8:09:24 PM PST
by
JoJo Gunn
(Gut and raze the NEA! ©)
FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.) |
|
|
12
posted on
02/12/2004 8:09:36 PM PST
by
martin_fierro
(Chat is my milieu)
To: ConservativeMan55
Hey ConservativeMan, nice to see ya.
13
posted on
02/12/2004 8:09:55 PM PST
by
PeteFromMontana
(Liberal is a dirty word... just call a liberal a liberal and see what they say)
To: _Jim
MS Flight Sim doesn't count? I mean real planes. Imagine if an airliner's computers could be taken over and the plane were flown into high value buildings on the ground via remote control.
14
posted on
02/12/2004 8:11:00 PM PST
by
Paleo Conservative
(Do not remove this tag under penalty of law.)
To: PeteFromMontana
Thanks!
Now...where do I know you from?
Oh ok...wait a second...let me think?
Ok..I give up! Where do I know you from?
15
posted on
02/12/2004 8:11:11 PM PST
by
ConservativeMan55
(You...You sit down! You've had your say and now I'll have mine!!!!)
To: mosel-saar-ruwer
BTT
To: Paleo Conservative
I'm glad Windows 2000 isn't used to fly planes.No, just corporations and federal governments.
To: nopardons
18
posted on
02/12/2004 8:11:38 PM PST
by
ConservativeMan55
(You...You sit down! You've had your say and now I'll have mine!!!!)
To: Paleo Conservative
Imagine if an airliner's computers could be taken over and the plane were flown into high value buildings on the ground via remote control.Really!?
They have that now?
19
posted on
02/12/2004 8:11:56 PM PST
by
_Jim
( <--- Ann C. and Rush L. speak on gutless Liberals (RealAudio files))
To: PeteFromMontana
My system has a rupture?
20
posted on
02/12/2004 8:12:08 PM PST
by
irishtenor
(If animals weren't meant to be eaten, why did God make them out of meat?)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 321-327 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson