Microsoft XP finally fixes 8-month-old flaw allowing hackers to
access your computer.
Critical vulnerability could give hackers 'complete control' possibly
using your connection to send junk mail etc.
Microsoft is warning of yet another critical flaw which could
give hackers complete control over computers running
one of several versions of its operating system.
The software giant confirmed that the flaw affects Microsoft Windows
NT 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, XP
and Server 2003. Systems administrators should apply the update
immediately, Microsoft said.
The security vulnerability exists in the Microsoft Abstract Syntax
Notation 1 (ASN.1) Library, deep within the system code.
Microsoft said an attacker using a buffer overflow to exploit
the vulnerability could execute code with system privileges on
an affected system.
"The attacker could then take any action on the system, including
installing programs, viewing data, changing data, deleting data,
or creating new accounts with full privileges," the company
warned.
But Microsoft said in the most likely exploitable scenario, an
attacker would have to have direct access to the user's network.
Server systems are at greater risk than client computers because
they are more likely to have a server process running that decodes
ASN.1 data.
ASN.1 is a data standard used by many applications to allow the
understanding of data across various platforms.
Although Microsoft has known about the flaw since last July, it
claims that the breadth of systems affected has caused the long
delay before a one-patch-fixes-all release could be issued.
Microsoft has come under fire for weaknesses in its software.
Only last week it issued an emergency fix for Internet Explorer,
fixing a flaw exploited by hackers to imitate websites in so-called
'phishing' attacks for users' personal details. Most online bank
accounts have been warning about this for some time. Statistics
show that in the first few months of 'phishing' over 6% of people
revealed their credit card and/or bank account details.
http://www.microsoft.com/security/