Microsoft warning of what could be worst-ever flaw

By Peter Branton. Published February 11, 2004

Windows users should act immediately to patch their systems against potentially the worst vulnerability yet discovered, researchers warned this week.

On Tuesday, Microsoft released a fix for the flaw, which affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. Even Microsoft’s trial version of Windows XP 64-Bit edition, only released this month, is affected.

The flaw is in the Windows Abstract Syntax Notation One (ASN.1) library, which implements the protocol that helps to define how messages are sent between Windows applications. The flaw allows a potential attacker to overwrite heap memory with arbitrary data, allowing for the execution of malicious code, security research firm eEye Digital Security said. This would allow an attacker to seize control of the machine and pretty much do what he liked with it.

The firm discovered the flaw nearly six months ago and has been working with Microsoft since then to develop a patch.

According to eEye, the flaw is similar to other such vulnerabilities that have been exploited by hackers in the past, except worse. It is “more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms,” it said in an advisory.

“With these findings of potentially catastrophic vulnerabilities, it is imperative that organisations immediately apply the correct patches to ensure their systems are secure,” said Marc Maiffret, chief hacking officer of eEye Digital Security.

Users are urged to visit Microsoft’s site and download the appropriate patches as quickly as possible.
