__/ [ AB ] on Tuesday 13 March 2007 17:58 \__
> http://blogs.zdnet.com/security/?p=123
>
> On October 22, 2004, Argentine hacker Cesar Cerrudo approached
> Microsoft with the discovery of a Windows Kernel GDI local privilege
> escalation vulnerability. At the time, Cerrudo said Redmond's
> security response team deemed it a "design problem" and filed it
> away as something "to be fixed in a future service pack."
>
> Late last year, during LMH's month of kernel bugs project, details
> on this bug again surfaced with debugger information a note that it
> remains unpatched after more than two years.
>
> Now comes word from Immunity Inc.'s Dave Aitel that his research
> team has written a reliable exploit that gives an attacker local
> root access on Windows 2000 and Windows XP systems. The exploit has
> been released to Immunity's partner program, which offers up-to-the
> minute information on new vulnerabilities and exploits to IDS
> (intrusion detection companies) and larger penetrating testing
> firms."Everyone now has local root, which is useful on pen tests,"
> says Aitel.
>
> Interestingly, the U.S. government's NVD (national vulnerability
> database) gives this flaw a high severity rating ? CVSS 7.0 ? and
> warns that it could be exploited to gain administrator access and
> compromise the confidentiality of and integrity of data on Windows
> 2000 through 2000 SP4 and Windows XP through SP2.
>
> Don't fret Vista users. If this doesn't work for you now I'm sure MS
> will get around to patching the Vista kernel so it does work.
"Future Service Pack", they said. Will Windows XP ever see a real Service
Pack 3? It has already been delayed at least once (2008, IIRC). With Vista
having major issues, one wonders if the DRM-infected O/S will be forced upon
everyone as a future route. That would drive many businesses and homes to
Apple and GNU/Linux. A real dilemma here.
Links:
Microsoft's New Look in 2007
,----[ Quote ]
| Well, XP lasted five years, so a Vista world could very well be
| five to seven years from today, so that is a long time and a
| lot can happen to predict. But Microsoft basically proved that
| it was incapable of producing a new release. Nearly all of the
| goals of Vista were not achieved. They kept cutting back, kept
| cutting back, and so this is like -- Vista today is more like SP4.
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
`----
http://www.fool.com/investing/value/2007/01/04/microsofts-new-look-in-2007.aspx?source=eptyholnk303100&logvisit=y&npu=y
http://tinyurl.com/yygv3w
Microsoft admits Vista screwed - report
,----[ Quote ]
| Vista SP1 is code named "Fiji", presumably after a pretty looking
| island which is paralysed by coups.
|
| In a statement regarding the service pack Microsoft admits that
| Vista has "high impact" problems.
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
`----
http://www.theinquirer.net/default.aspx?article=37125
,----[ Quote ]
| "Up to 60% of the code in the new consumer version of Microsoft new Vista
| ^^^^^^^^^^^^^^^^^^^^^^
| operating system is set to be rewritten as the Company 'scrambles' to fix
| internal problems a Microsoft insider has confirmed to SHN... Microsoft has
| also admitted that it has major problems in it's Windows division and has
| has immediately initiated a total restructure of the division..."
`----
http://www.smarthouse.com.au/Computing/Platforms?Article=/Computing/Platforms/R7G5G6U4
--
~~ Best wishes
Roy S. Schestowitz | http://debian.org
http://Schestowitz.com | RHAT GNU/Linux ¦ PGP-Key: 0x74572E8E
run-level 5 Mar 11 15:57 last=S
http://iuron.com - help build a non-profit search engine
|
|
