« Google Serves Up Adult Ads for Thanksgiving Recovering a Corrupted RPM Database »
Another Security Hole in Windows - With Exploits
Posted November 28, 2004 – 8:27 pm by Yakov Shafranovich in TechnologyLarry Seltzer of eWeek mentioned in his blog last week that a new security hole has been discovered in Windows. Larry mentions in a followup post that whoever discovered this bug released more details (without waiting for a patch from Microsoft). This was also mentioned in the Internet Storm Center’s Handler’s Diary where they criticizes the discover:
I’ll be the first to acknowledge that big vendors aren’t easy to get to move in order to release a patch for something you discovered in their product. Take on top of that, their legal and marketing spin once they finally do and most people will get frustrated by the process. Still that’s no excuse to release attacking details without giving the world a chance to look into it and get ready for that newly created exploit. If the hackers out there are using it, you can’t really claim to have done it yourself, and if you’ve done it all, there’s not really that urgent a need to beat anybody to releasing the details, but an urge to get your 15 minutes of fame. My guess anyway.
In any case, it is still questiable how wide spread this bug actually is. Larry argues that the service affected, WINS, is not very widespread but that still doesn’t preclude caution like blocking port 42 as ISC recommends.
But then again if you are running Linux like my company, you have nothing to worry about 
Tags: microsoft, security, windows —
Permalink | Trackback URL | This post has
Sorry, comments for this entry are closed at this time.