Computer Crime Research Center

people/Bill.jpg

Microsoft vulnerability helps hackers

Date: August 04, 2005
Source: ZDNet UK
By: Dawn Kawamoto

The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.

What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.

"You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."

eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.

A Microsoft representative said the software giant will issue a comment once it has had a chance to review the eEye advisory, which has yet to be posted on the security company's Web site.

The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS will likely be affected.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo