Home / Microsoft warning of what could be worst-ever flaw

Microsoft warning of what could be worst-ever flaw

Windows users should act immediately to patch their systems against potentially the worst vulnerability yet discovered, researchers warned this week.

Windows users should act immediately to patch their systems against potentially the worst vulnerability yet discovered, researchers warned this week.

On Tuesday, Microsoft released a fix for the flaw, which affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. Even Microsoft’s trial version of Windows XP 64-Bit edition, only released this month, is affected.

The flaw is in Windows Abstract Syntax Notation One (ASN.1) library, which is the protocol that helps to define how messages are sent between Windows applications. The flaw allows a potential attacker to overwrite heap memory with arbitrary data allowing for the execution of malicious code, security research firm eEye Digital Security said. This would allow an attacker to seize control of the machine and pretty much do what he liked with itThe firm discovered the flaw nearly six months ago and has been working with Microsoft since to develop a patch.

According to eEye the flaw is similar to other such vulnerabilities that have been exploited by hackers in the past: except worse. It is “more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms,” it said in an advisory.

“With these findings of potentially catastrophic vulnerabilities, it is imperative that organisations immediately apply the correct patches to ensure their systems are secure,” said Marc Maiffret, chief hacking officer of eEye Digital Security.

Users are urged to visit Microsoft’s site and download the appropriate patches as quickly as possible.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018