• Hi Guest: Welcome to TRIBE, the online home of TRIBE MAGAZINE. If you'd like to post here, or reply to existing posts on TRIBE, you first have to register. Join us!

Microsoft Warns: Critical Flaw in Windows

Boss Hog

TRIBE Member
Microsoft Warns: Critical Flaw in Windows
Wed 11 February, 2004 02:11

By Reed Stevenson and Elinor Mills Abreu

SEATTLE/SAN FRANCISCO (Reuters) - Microsoft Corp. MSFT.O said on Tuesday a "critical" flaw in most versions of its flagship Windows operating system could allow hackers to break into personal computers and snoop on sensitive data.

Although no computers were reported to have been compromised, the world's largest software maker warned that Windows NT, Windows 2000, Windows XP and Windows Server 2003 were at risk. Microsoft announced the flaw in its monthly security bulletin.

The company offered software updates to fix the software flaw, which it assigned its most severe rating of "critical."

"It does affect all (current) versions of Windows," said Stephen Toulouse, security program manager for Microsoft's Security Response Center. "We're not aware of anyone affected by this at this time."

Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the flaw, criticized Microsoft for taking more than six months to come up with a patch to fix the problem.

The flaw could allow a hacker to break into a computer running Microsoft's Windows operating system in several ways and then use the compromised machine to run malicious programs and steal or delete key data, Maiffret and other experts said.

Last year Microsoft adopted a new monthly patch release program, which it said would let customers more easily apply software fixes for security bugs.

"We contacted Microsoft about these vulnerabilities 200 days ago, which is insane," he said. "Even the most secure Windows networks are going to be vulnerable to this flaw, which is very unique."

Microsoft's Toulouse said the company needed time to make sure it got the fix right, especially given how pervasive the vulnerability is in the software.

"We wanted to make absolutely sure we were doing as broad an investigation as possible," he said.

Windows users can download the patch for the vulnerability from http://www.microsoft.com/security.

WINDOWS UPDATE

"The obvious steps to take are to run Windows Update and install the patches to fix the vulnerabilities as soon as possible," said Craig Schmugar, a virus research manager at Network Associates Inc.'s NET.N McAfee anti-virus unit.

The latest fixes for Microsoft's software are unrelated to the recent virus attacks called MyDoom and its variants, Schmugar said.

Microsoft also released a critical update a week ago, ahead of Tuesday's scheduled release, to fix a patch in its Explorer Web browser that could make PCs vulnerable to attackers.

In addition, Microsoft announced a mid-grade security warning for the latest version of its server products for networked computers.

Two years ago, the Redmond, Washington-based company pledged to make its software products more secure and reliable under an initiative, dubbed "Trustworthy Computing" by Chairman Bill Gates.

But computers running the company's software have been hit by several high-profile attacks since, such as the SQL Slammer, Nimda and SoBig attacks.

On Monday, a new worm called "Doomjuice," an offshoot of the MyDoom worm, emerged, which used personal computers compromised by the original MyDoom worm to attack and attempt to hobble parts of Microsoft's Web site, according to security experts.

The MyDoom worm, as well as its variant MyDoom.B, were designed to entice e-mail recipients to click open an attachment, which then installed malicious software on a personal computer. The worms instructed infected PCs to flood the Web sites of the SCO Group Inc. SCOX.O and Microsoft in an effort to shut them down.

http://www.reuters.co.uk/newsArticle.jhtml?type=technologyNews&storyID=4329978&section=news
 
Alex D. from TRIBE on Utility Room
tribe cannabis accessories silver grinders

The Tesseract

TRIBE Member
ummm yeah
Since when was there NOT a huge, critical flaw in Windows?

I'm with Ditto Much on this...





All these Linux freaks fail to realize that because everyone and their grandmother makes their own version of Linux, the operating system is at a loss for not having a centralized security base. So, various versions can be open to attack. I bet they are often under attack, and that we never hear about it, because none of the linux companies are big enough to say anything.
it could also damage the reputation of linux as well.



So.... GO FREEBSD!!
hahaha(j.k)
 
tribe cannabis accessories silver grinders

Rocky

TRIBE Member
Originally posted by D-Monic
So this effects my Mac how?
Oh, that's right... it doesn't.
:D
Probably not...but Macs are still shit. :p

Anyway...I'm sure that OS/X has security flaws...they just aren't being exploited.

Hey...let's start another Mac vs. PC debate. I always find it funny that the debate always turns out to be a Mac vs. Windows debate...instead of a Mac vs. PC debate.
 

~atp~

TRIBE Member
Originally posted by The Tesseract


All these Linux freaks fail to realize that because everyone and their grandmother makes their own version of Linux, the operating system is at a loss for not having a centralized security base. So, various versions can be open to attack. I bet they are often under attack, and that we never hear about it, because none of the linux companies are big enough to say anything.
it could also damage the reputation of linux as well.


Centralized security base? What do you mean? Different distros all use the same kernel, and all support the same open-source software, it's just the packaging that's different, and that has no role in how secure the system is.

Security in Linux is actually far more progressive than Windows will ever be. WinXP *finally* came out with "Active Directories" which is the biggest load of shit because all it is, is Kerberos wrapped up in a neat little Bill-Gates-approved package. Kerberos was being run on Linux systems since 1988!

If by that you mean that each open-source software group can determine their own set of security standards, that isn't true either. In fact, *nix and bsd-like systems are generally more compliant with NIST standards and the open-source protocol security features defined in the RFCs than Windows will ever be; this is simply because Windows likes to "shake their own" version of everything, which is very frustrating and stupid.

However, your remark about security being a function of popularity/distribution is absolutely correct. Here's a quick exerpt from an article I was reading a while back:

"If Linux were as widely deployed on the desktop as Windows, and you had distributions that were explicitly set up to make them easy for unsophisticated users to use, you'd have a lot more security issues and worms for Linux than you do today," he said. The perception among Linux enthusiasts that "Linux is secure; Windows is woefully insecure" is an inaccurate generalization, Haff said. "If you were grading the two, Linux would get a higher score," but it is not as if Linux would get an "A" and Windows would earn an "F."

While Linux might not be the paragon of security, there are structural and historic reasons for its superior security over Windows, Haff said. Chiefly, this is because Linux "is essentially based on a Unix model, which in turn grew up with the concept of computers being connected to networks. That is less true with Windows."
 

gubydal

TRIBE Member
I
29691535-aecd-00730045-.jpg
my Mac!
 
tribe cannabis accessories silver grinders

seeker

TRIBE Member
Originally posted by The Tesseract

All these Linux freaks fail to realize that because everyone and their grandmother makes their own version of Linux, the operating system is at a loss for not having a centralized security base. So, various versions can be open to attack. I bet they are often under attack, and that we never hear about it, because none of the linux companies are big enough to say anything.
it could also damage the reputation of linux as well.

Fish-BottomTrawling.jpg
 

SENSEi

TRIBE Promoter
Originally posted by Rocky
Probably not...but Macs are still shit. :p
Anyway...I'm sure that OS/X has security flaws...they just aren't being exploited.

No one is gonna waste their time writing a virus that will only effect 5% of the market.

That why Microsoft is such a good target!
 
tribe cannabis accessories silver grinders

johnc

TRIBE Member
Originally posted by The Tesseract

All these Linux freaks fail to realize that because everyone and their grandmother makes their own version of Linux, the operating system is at a loss for not having a centralized security base. So, various versions can be open to attack. I bet they are often under attack, and that we never hear about it, because none of the linux companies are big enough to say anything.
it could also damage the reputation of linux as well.

RedHat Fedora ships now (I believe) with SE Linux, which is so secure that a machine advertised on the internet as having no root password has still not been hacked.

Linux's (and BSD's) security flaws are about having a single root user that has all the power, so once you compromise root you can pretty much do anything. SE Linux is about making the kernel have multiple layers of security, so gaining access to one part in particular (like say Apache Web Server) does not corrupt the system as a whole.
 

seeker

TRIBE Member
Originally posted by johnc
RedHat Fedora ships now (I believe) with SE Linux, which is so secure that a machine advertised on the internet as having no root password has still not been hacked.

Linux's (and BSD's) security flaws are about having a single root user that has all the power, so once you compromise root you can pretty much do anything. SE Linux is about making the kernel have multiple layers of security, so gaining access to one part in particular (like say Apache Web Server) does not corrupt the system as a whole.

don't feed the trolls, john. anybody who has been on the 'net in the last 5 yrs and has heard about linux knows that what he's laying out here is bullshit.

(hi, BTW! coming for Mills?)
 

Deus

TRIBE Member
All the other operating systems are have just as many flaws, except they are not being exploited by jealous hackers because they are not made by multibillionaire Billy Gates. If suddenly Microsoft declined and Mac increased in popularity and the Apple company became the leading one, there would be a lot more flaws in the OS because people would actually look to find them.
 

johnc

TRIBE Member
SE Linux does not have this flaw.
To this day, no one has been able to compromise that advertised computer.

The main reason that SE Linux has not been fully utilized yet in the industry is that many Linux apps need to be updated in order take advantage of these extra tiers of security, and that they all haven't done so as of yet.
 
tribe cannabis accessories silver grinders
Top