
Information Security News mailing list archives
Unpatched Microsoft bugs raise red flags
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 9 Sep 2009 00:14:14 -0500 (CDT)
http://www.computerworld.com/s/article/9137731/Unpatched_Microsoft_bugs_raise_red_flags?taxonomyId=17 By Robert McMillan September 8, 2009 IDG News Service Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead. Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache. Proof of concept code showing how the bug could be leveraged to crash a Windows machine was posted Monday to the Full Disclosure mailing list by Laurent Gaffie. But security experts believe that more serious attacks are possible. Kostya Korchinsky, a senior security researcher with security-assessment software vendor Immunity, said the flaw could be exploited in a privilege-escalation attack. This type of attack is used once the attacker has already found a way to run software on the victim's machine. It gives the hacker a way of accessing system resources that would otherwise be prohibited. [...] ________________________________________ Please Donate to the Ron Santo Walk to Cure Diabetes with Ethan's Crew! http://www.c4i.org/ethan.html
Current thread:
- Unpatched Microsoft bugs raise red flags InfoSec News (Sep 08)