Niste prijavljeni

Dragi posjetioče, Dobrodošli na Otvoreni Forum - Novi Pazar. Ukoliko je ovo Vaša prva posjeta molimo vas pročitajte Pomoć. U pomoći je objašnjeno kako ovaj forum radi. Morate biti registrirani kako bi vidjeli sve teme i sve forume. Molimo vas da se registrirate ili da ovdje pročitate kako se registrirati. Ukoliko ste već registrirani molimo ulogirajte se ovdje.

Gyerzelez

Zlatna sredina

(10)

  • »Gyerzelez« je autor ove teme

Postovi: 187

Datum registracije: 25.06.2003

  • Poruku poslati

1

Četvrtak, 17. Juli 2003

Nishta novo - kritchne "rupe" u najnovijem Windows OS-u

Selam/vozdra

Evo za zainteresovane, mada nije nishta novo. Preneseno sa http://www.smh.com.au/articles/2003/07/1…035113532.html:

Critical flaw in latest Windows versions
By Online Staff
July 17 2003

Just a day after the US Department of Homeland Security announced a five-year, $US90 million ($A137.51 million) contract with Microsoft, the company has released details of three more vulnerabilities in its products, with one being a critical vulnerability in some versions of the Windows operating system.

The vulnerability affects NT 4.0, NT 4.0 Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003. It allows an attacker to gain complete control over a remote computer.

The other vulnerabilities relate to an unchecked buffer in the Windows shell (affects XP, rated important) and a cross-site scripting vulnerability in many of the error pages returned by Internet Security and Acceleration Server 2000 (affects ISA Server 2000, rated important).

Patches have been released for these vulnerabilities.

AP adds: "This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, chief hacking officer at eEye Digital Security Inc, of Aliso Viejo, California, whose researchers discovered similar flaws in at least three earlier versions of Windows.

He said that vulnerable corporations "will be Swiss cheese" until they installed the patches - "anybody can walk in and out of their servers".

Microsoft spent hundreds of millions of dollars on security improvements for its latest Windows software, and included technology to defend against hacker attacks known as ``buffer overflows'' that can trick software into accepting dangerous commands.

But four Polish researchers, known as the "Last Stage of Delirium Research Group", said they discovered how to bypass the Microsoft protection three months after the software went on sale.

They promised not to release exploit code for the flaw.

"We're fully aware of the potential impact," group member Tomasz Ostwald said in a telephone interview. "We don't plan to publish this code at the moment. It's too dangerous."

Ostwald said the group, which is highly regarded in the security community, expected to disclose more details of the flaw during technical presentations at upcoming security seminars.

Some researchers said they expected hackers to begin exploiting the flaw within months. Hackers typically examine the patches which Microsoft issues for clues about how to exploit flaws.

"I expect we would see something in a three-month time frame," said Russ Cooper of Herndon, Virginia-based TruSecure Corp.

Selam

Gyerzelez

Social bookmarks