Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Worm hole in Windows 2000

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171

    Worm hole in Windows 2000

    A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said. The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address,

    Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted. What may be particularly problematic with this unpatched security hole is that a work-around is unlikely,

    he said. "You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."

    eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.
    http://www.hackinthebox.org/modules....icle&sid=17660
    Worm hole found in Windows 2000 :: Hack In The Box :: Keeping Knowledge Free

    Eg

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Errr.... Their web site hasn't published any new vuln since June 23rd and there is no mention of this on the web site. Considering the potential harm that could be wreaked worldwide one would think that they'd be all over this......

    I dunno.... Smacks of FUD to me..... Especially the phrase "The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address". That's a bloody unusual way for a worm to travel, IP to IP.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi TS,

    According to the date on CNET...

    Worm hole found in Windows 2000
    Published: August 3, 2005, 1:40 PM PDT
    I assume this is new...

    http://news.com.com/Worm+hole+found+...3-5817400.html
    Worm hole found in Windows 2000 | CNET News.com

    I normally check source links before posting.

    Eg

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Yeah.... Wasn't there a Cisco flaw about a year ago that was going to bring the internet to it's knees?

    They are implying that they have found a serious flaw in the underlying protocol stack that allows remote code execution. Since they say that this can't be turned off one has to wonder what component it could possibly be since I can disable the network card. Are they implying that disabling the card doesn't work? Or are they assuming that the card remains enabled and that the stack IP stack itself is flawed _even_ when no service is listening or that there is a service that can't be turned off that is vulnerable?

    The plain lack of any usable information concerns me......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi TS,

    Also found here...

    http://news.zdnet.com/2100-1009_22-5817400.html
    Worm hole found in Windows 2000 | Tech News on ZDNet

    it's making it's rounds.

    The plain lack of any usable information concerns me
    But they did say that until there is a patch they do not want to release potentially detrimental information.

    Eg

  6. #6
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Well...here's the page on the web...under upcoming advisories...guess whoever is responsible for maintaining their website is slow on the draw...

    http://www.eeye.com/html/research/up.../20050801.html
    eEye - Vulnerability Assessment and Intrusion Prevention Network Security Software

    and it seems to be getting picked up by everyone...

    http://software.silicon.com/security...51021%2c00.htm
    Windows 2000 open to IP attack - Security Strategy - Breaking Business and Technology News at silicon.com

    http://www.vnunet.com/vnunet/news/21...2000-wide-open
    IP flaw leaves Windows 2000 wide open - vnunet.com

    http://www.smoothwall.net/informatio...tem.php?id=819
    SmoothWall

    I can't imagine all these sites picking up on a story that is essentially flawed...but it's possible.

    Eg

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ahhh.... I see.....

    I took a look through the rest of their advisories..... A pattern emerges.... The detection and fix is often EEye's products.... Funny huh?

    Unless someone gives me a bit more of a clue than "The sky is falling" I'm going to take the "pinch of salt routine".
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi TS,

    I noticed that too looking over their site...and I agree they do seem to be opportunists...probably why they look for vunerabilities in the first place ...

    still doesn't make the information wrong. I doubt that all these other security sites picking this up are being duped...and as yet I haven't read any criticism from these sites in regards to the vunerability.

    Eg

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    and as yet I haven't read any criticism from these sites in regards to the vunerability.
    Because there is nothing to criticize?.....

    I personally dislike this form of "disclosure/marketing". If you aren't going to tell me enough to determine whether or not I need to start planning action don't bother telling me anything. All they are doing is wasting my time and it smacks of playground oneupmanship of the "I know a secret and I'm not telling you" kind. The only person that might benefit from this type of disclosure is EEye. They should tell me how good they are later and leave me in peace right now.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Hi TS,

    Well..I suppose it's a wait-and-see until Microsoft checks it out and reports back...
    A Microsoft representative said the software giant will issue a comment once it has had a chance to review the eEye advisory, which has yet to be posted on the security company's website.
    from the silicon.com site posted above

    I assume eEye will post not long after according to their release policy.

    Eg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •