LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (https://www.linuxquestions.org/questions/general-10/)
-   -   Microsoft is not able to patch its code! (https://www.linuxquestions.org/questions/general-10/microsoft-is-not-able-to-patch-its-code-165304/)

Nukem 04-02-2004 05:58 AM

Microsoft is not able to patch its code!
 
From Astalavista.com

Quote:

eEye, a very well known security company, discovered 200 days ago two flaws in Microsoft products. As usually eEye notified to Microsoft these problems and now it (and WE!) is still waiting for these patches. eEye is attacking Microsoft for not releasing patches for these two critical security flaws. These flaws affect all versions of Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 and it's possible to exploit them remotely.

One vulnerability can allow an attacker to conduct a Denial of Service attack against default installations of the affected software and the system will have a total crash.

The second can allow an anonymous attacker to compromise default installations of the affected software and will give, to the remote attacker, SYSTEM access, the highest possible level of access.

According to eEye more than 300 million machines are vulnerable to these flaws but there are no evidences that someone is trying to attack machines using it.

In the past the Microsoft patching system has had the same problem of slowness, we want to remind you that Microsoft took some months to patch a high-risk flaw in the ASN.1 library. eEye adds that there are two more known vulnerabilities, that in a month or two will hit the 200-day mark.
Thought you should also see this.

Quote:

Earlier today (March 29, 2004), one Microsoft web site ( http://register.microsoft.co.kr ) was compromised and defaced on the Microsoft Korea (microsoft.co.kr) network. The machine was defaced (and is still defaced 15.25 GMT) initially (...) by a Brazilian defacer/group know as "c0derz". The defacer obtained an unauthorized access to this system by using a misconfiguration in the Frontpage Estensions. After some minutes many other defacers crew has started to redeface the same site. "Silver Lords", "int3rc3pt0r" take part to this "tour" in the Microsoft site. The funny thing is that also Microsoft is defaced by using a very common error in the configuration of the Frontpage Extensions, we must consider the following: where is the security if also Microsoft is hacked by using a misconfiguration in their own product while they should know everything about it?

You can see the mirror of this defacement at the following url:

http://www.zone-h.org/en/defacements/view/id=1090606 /


Lleb_KCir 04-02-2004 11:46 AM

could you link the artical from eEye for me please. id love to read the full write up on that.

320mb 04-02-2004 12:08 PM

http://www.eeye.com/html/Research/Upcoming/index.html
http://www.eeye.com/html/Research/Advisories/index.html

read the first link first!!!!

Lleb_KCir 04-02-2004 12:39 PM

thanks.


All times are GMT -5. The time now is 08:58 AM.