Posted on 08/04/2005 6:09:10 AM PDT by ShadowAce
A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said.
The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.
What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.
"You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."
eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.
A Microsoft representative said the software giant will issue a comment once it has had a chance to review the eEye advisory, which has yet to be posted on the security company's Web site.
The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS will likely be affected.
For Microsoft, this marks the second eEye advisory it's received this week. On Monday, eEye notified the software giant it had found critical vulnerabilities in Internet Explorer.
The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious Web site link.
The flaw, which is rated as a "high" risk, affects IE, Windows XP and SP1, Windows 2003 and Windows 2000.
Microsoft confirmed it received the eEye advisory regarding IE through its standard vulnerability reporting system.
"We are investigating the report and will take appropriate action to help protect customers as part of our normal security response process," a Microsoft representative said. Microsoft issues a monthly bulletin of patches and also has a program of security advisories with work-arounds for unpatched, reported flaws.
Oh wait... you can't yet.
With the title "worm hole", I got the impression that this security flaw is not an issue with hackers here, today, on Earth... but rather from other dimensions, time frames, and/or galaxies.
I was trying to come up with something witty and pithy on that front, but failed miserably. :)
So is that a bug or a feature?
yes. It's an "upgrade feature"
If you work for Microsoft, it is a feature.
It's an awesome feature - a wormhole - the ultimate in file deletion!
LOL!............. a new thing ..... a fug.
Does Paris Hilton use Microsoft? hmmm...
Yes, it's called Sharing with Others. It's what we teach our kids from an early age.
;-)
LOL
Notice Windows 2000 itself appears to be okay, except for the fact that Microsoft integrated the browser into the OS. Just don't use IE.
No, it maeans that:
1. We have a Faster Than Light (FTL) based on wormhole technology.
2. It runs on Microsoft technology, so, it doesn't work well with the first version and hostile aliens have found a back door to crash the system just when we need it most.
I don't see that. Can you explain?
LOL, from the title I thought this was from Scrappleface. I pictured an article about how some, using Windows, find themselves shot into another dimension, another time, another place....
Dan
8^D
What's really disturbing is that Microsoft, with all their resources, seems to do no code checking and vulnerability testing for themselves. All the big vulns are discovered by outside researchers.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.