new security hole in Windows 2k/xp

[Schadenfroh]

run windows update

KB828028



Text

A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

 

[opticalmace]

new security hole?

i like to think of them as demonspawn that have finally reached maturity

and oh boy is there a whole bunch more!

 

[Batti]

And it only took them 200 days to patch this one. Expect the worms soon, Blaster II is coming! :disgust:

 

[michaelh20]

This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update.

lol

 

[FoBoT]

the security bulletin on this one is a bit vague, but drudgereport.com has a link to a story on the BBC that indicates this is a LARGE hole

linked story BBC News

Marc Maiffret of eEye Digital Security, the US company that discovered the Windows flaw, said it was a major issue.

"This is one of the most serious Microsoft vulnerabilities ever released," said Mr Maiffret.

"The breadth of systems affected is probably the largest ever."

He added: "This is something that will let you get into internet servers, internal networks, pretty much any system."

this is the guy that found the problem, so he is of course going to hype it up

 

[Bassyhead]

another one, eh

 

[FoBoT]

this article has more details

this is what is published by the dude that found it

eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).

 

[MercenaryForHire]

Aaaaand cue the Linux Zealots!

- M4H

 

[Mookow]

Originally posted by: MercenaryForHire
Aaaaand cue the Linux Zealots!

- M4H

Screw that, windows 98 is looking more and more secure

 

[Xionide]

Originally posted by: Mookow

Originally posted by: MercenaryForHire
Aaaaand cue the Linux Zealots!

- M4H

Screw that, windows 98 is looking more and more secure

Thats kind of like saying you have a car with no wheels. It will keep you safe from weather but it aint gettin you NOWHERE!

 

[FoBoT]

night shift might want to fix this

 

[flxnimprtmscl]

Originally posted by: Xionide

Originally posted by: Mookow

Originally posted by: MercenaryForHire
Aaaaand cue the Linux Zealots!

- M4H

Screw that, windows 98 is looking more and more secure

Thats kind of like saying you have a car with no wheels. It will keep you safe from weather but it aint gettin you NOWHERE!

What's frightening is how many people I've seen on this board that still run 98 :Q

 

[amdskip]

Up, this needs to be stickied.

 

[Kadarin]

Originally posted by: Batti
And it only took them 200 days to patch this one.

Woohoo! Go Microsoft!

:disgust:

 

[yukichigai]

My CS professor uses Microsoft as an example of why you should make sure to put buffer overflow checks into your code.

Really, what kind of re-re codes buffers without buffer overflow protection anymore? And what re-re didn't bother to check all the old code for that crap. Wouldn't it be smarter to have an entire department devoted to that?

 

[conjur]

Hmm...Windows Update must be getting hammered.

 

[ScottyB]

Originally posted by: conjur
Hmm...Windows Update must be getting hammered.

It actually froze my computer for about 30 seconds.

 

[dpm]

Originally posted by: Mookow

Originally posted by: MercenaryForHire Aaaaand cue the Linux Zealots! - M4H

Screw that, windows 98 is looking more and more secure

98? Sod that. I went back to MS-DOS 5.1 a year ago. If it gets anyworse I'm going to dig out my old ZX spectrum. BASIC here I come! <puts on tinfoil beanie>

 

[Jzero]

*Logs into SUS
*Click, click, click
Hole? What hole?

 

[CraigRT]

It says that XP with SP2 beta is not affected.. (well its not listed anyways) and I can't install the update.. interesting.

 

[Ogg]

Originally posted by: Jzero
*Logs into SUS
*Click, click, click
Hole? What hole?

Thats right baby....:beer:

Set up a SUS server suckers
Its free and easy and its Microsoft:Q

 

[sillymofo]

Can we have the MODs sticky the Windows security holes thread, because there will always be a security hole in Winduh.

 

[SagaLore]

Originally posted by: Ogg

Originally posted by: Jzero
*Logs into SUS
*Click, click, click
Hole? What hole?

Thats right baby....:beer:

Set up a SUS server suckers
Its free and easy and its Microsoft:Q

Yea but you have to enable Windows Update manually and each machine, right?

 

[Jzero]

Originally posted by: SagaLore

Originally posted by: Ogg

Originally posted by: Jzero
*Logs into SUS
*Click, click, click
Hole? What hole?

Thats right baby....:beer:

Set up a SUS server suckers
Its free and easy and its Microsoft:Q

Yea but you have to enable Windows Update manually and each machine, right?

Group Policy rules the pool! I can force any host on my domain to get their updates from a SUS server. Even got multiple SUS servers to handle different sets of patches.