Advertisement
Promo

Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

Core flaw opens Windows 2000 to attack

Dawn Kawamoto CNET News

Published: 04 Aug 2005 09:15 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said.

The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its IP address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.

What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.

"You can't turn this [vulnerable] component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."

eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.

A Microsoft representative said the software giant will issue a comment once it has had a chance to review the eEye advisory, which has yet to be posted on the security company's Web site.

The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS is likely to be affected.

For Microsoft, this marks the second eEye advisory it's received this week. On Monday, eEye notified the software giant it had found critical vulnerabilities in Internet Explorer.

The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious Web site link.

The flaw, which is rated as a "high" risk, affects IE, Windows XP and SP1, Windows 2003 and Windows 2000.

Microsoft confirmed it received the eEye advisory regarding IE through its standard vulnerability reporting system.

"We are investigating the report and will take appropriate action to help protect customers as part of our normal security response process," a Microsoft representative said. Microsoft issues a monthly bulletin of patches and also has a program of security advisories with work-arounds for unpatched, reported flaws.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
99 out of 178 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

ASP.net, C# Web Site Systems Developer / Digital Agency

Penetration Test Consultant

Senior Penetration Tester (London)

Video icon

Video

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner

News Microsoft: Many Windows 7 features can be disabled

Leader Windows 7 — as good as it gets

More Special Reports

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters