MS acks a critical vulnerability in all versions of Windows ('cept Win ME)

Discussion in 'Computer Security' started by Don Kelloway, Jul 16, 2003.

  1. Don Kelloway

    Don Kelloway Guest

    Microsoft said the vulnerability could allow hackers to seize control of
    a victim's Windows computer over the Internet, stealing data, deleting
    files or eavesdropping on e-mails. The company urged customers to
    immediately apply a free software repairing patch available from
    Microsoft's Web site.

    Read the following for further information:
    http://www.microsoft.com/security/security_bulletins/ms03-026.asp


    --
    Best regards,
    Don Kelloway
    Commodon Communications

    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
     
    Don Kelloway, Jul 16, 2003
    #1
    1. Advertisements

  2. Don Kelloway

    Gary Flynn Guest

    And note that this can be done without any user interaction, email,
    or web sites. Just sitting on the network is enough. Not typical for
    a defect in client software. This may be the most important patch
    since the IIS patches for the defect exploited by Code Red and
    Nimda and the SQL Server patch for the defect exploited by Slammer.

    --
    Gary Flynn
    Security Engineer - Technical Services
    James Madison University

    Please R.U.N.S.A.F.E.
    http://www.jmu.edu/computing/runsafe
     
    Gary Flynn, Jul 17, 2003
    #2
    1. Advertisements

  3. Don Kelloway

    donut Guest

    More specifically, this applies only to the Win NT family of OSes. Win9x is
    not affected.
     
    donut, Jul 17, 2003
    #3
  4. Don Kelloway

    Mike Guest

    Does it also apply to Windows 2003 Server, which has gone through the
    extra security audits?
     
    Mike, Jul 18, 2003
    #4
  5. The link provided by Don does clearly state that "Products Affected by
    This Update", as well as the technical details link from that page
    which indicates the "Affected Software" includes Microsoft Windows
    Server 2003. If that doesn't convince you, perhaps this article will:
    http://www.eweek.com/article2/0,3959,1195713,00.asp. Note that the
    flaw is rated as critical.

    HTH
    TOG

    --
    ../configure --prefix=~/zyterion
    Not this guy or that guy, The Other Guy.

    This spot may contain a satirical comment or comedic source,
    and is meant to be funny. If you are easily offended, gullible
    or don't have a sense of humour we suggest you read elsewhere.
     
    The Other Guy, Jul 18, 2003
    #5
  6. Don Kelloway

    Nelson Tam Guest

    Well, Win9x users should not be happy so early. Under Microsoft's official
    documentation,
    http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp,
    Win9x might not be safe as well since RPC is available in all microsoft
    OSes...

    "Tested Versions:
    Microsoft tested Windows Me, Windows NT 4.0, Windows NT 4.0
    Terminal Services Edition, Windows 2000, Windows XP and Windows
    Server 2003, to assess whether they are affected by this vulnerability.
    Previous versions are no longer supported, and may or may not be
    affected by this vulnerability."

    Regards

    --
     
    Nelson Tam, Jul 22, 2003
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.