-
August 4th, 2005, 02:40 PM
#1
Worm hole in Windows 2000
A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said. The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address,
Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted. What may be particularly problematic with this unpatched security hole is that a work-around is unlikely,
he said. "You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."
eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.
http://www.hackinthebox.org/modules....icle&sid=17660
Worm hole found in Windows 2000 :: Hack In The Box :: Keeping Knowledge Free
Eg
-
August 4th, 2005, 02:53 PM
#2
Errr.... Their web site hasn't published any new vuln since June 23rd and there is no mention of this on the web site. Considering the potential harm that could be wreaked worldwide one would think that they'd be all over this......
I dunno.... Smacks of FUD to me..... Especially the phrase "The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address". That's a bloody unusual way for a worm to travel, IP to IP.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
August 4th, 2005, 02:58 PM
#3
Hi TS,
According to the date on CNET...
Worm hole found in Windows 2000
Published: August 3, 2005, 1:40 PM PDT
I assume this is new...
http://news.com.com/Worm+hole+found+...3-5817400.html
Worm hole found in Windows 2000 | CNET News.com
I normally check source links before posting.
Eg
-
August 4th, 2005, 03:06 PM
#4
Yeah.... Wasn't there a Cisco flaw about a year ago that was going to bring the internet to it's knees?
They are implying that they have found a serious flaw in the underlying protocol stack that allows remote code execution. Since they say that this can't be turned off one has to wonder what component it could possibly be since I can disable the network card. Are they implying that disabling the card doesn't work? Or are they assuming that the card remains enabled and that the stack IP stack itself is flawed _even_ when no service is listening or that there is a service that can't be turned off that is vulnerable?
The plain lack of any usable information concerns me......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
August 4th, 2005, 03:21 PM
#5
Hi TS,
Also found here...
http://news.zdnet.com/2100-1009_22-5817400.html
Worm hole found in Windows 2000 | Tech News on ZDNet
it's making it's rounds.
The plain lack of any usable information concerns me
But they did say that until there is a patch they do not want to release potentially detrimental information.
Eg
-
August 4th, 2005, 04:12 PM
#6
Well...here's the page on the web...under upcoming advisories...guess whoever is responsible for maintaining their website is slow on the draw...
http://www.eeye.com/html/research/up.../20050801.html
eEye - Vulnerability Assessment and Intrusion Prevention Network Security Software
and it seems to be getting picked up by everyone...
http://software.silicon.com/security...51021%2c00.htm
Windows 2000 open to IP attack - Security Strategy - Breaking Business and Technology News at silicon.com
http://www.vnunet.com/vnunet/news/21...2000-wide-open
IP flaw leaves Windows 2000 wide open - vnunet.com
http://www.smoothwall.net/informatio...tem.php?id=819
SmoothWall
I can't imagine all these sites picking up on a story that is essentially flawed...but it's possible.
Eg
-
August 4th, 2005, 04:20 PM
#7
Ahhh.... I see.....
I took a look through the rest of their advisories..... A pattern emerges.... The detection and fix is often EEye's products.... Funny huh?
Unless someone gives me a bit more of a clue than "The sky is falling" I'm going to take the "pinch of salt routine".
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
August 4th, 2005, 04:26 PM
#8
Hi TS,
I noticed that too looking over their site...and I agree they do seem to be opportunists...probably why they look for vunerabilities in the first place ...
still doesn't make the information wrong. I doubt that all these other security sites picking this up are being duped...and as yet I haven't read any criticism from these sites in regards to the vunerability.
Eg
-
August 4th, 2005, 04:48 PM
#9
and as yet I haven't read any criticism from these sites in regards to the vunerability.
Because there is nothing to criticize?.....
I personally dislike this form of "disclosure/marketing". If you aren't going to tell me enough to determine whether or not I need to start planning action don't bother telling me anything. All they are doing is wasting my time and it smacks of playground oneupmanship of the "I know a secret and I'm not telling you" kind. The only person that might benefit from this type of disclosure is EEye. They should tell me how good they are later and leave me in peace right now.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
August 4th, 2005, 05:06 PM
#10
Hi TS,
Well..I suppose it's a wait-and-see until Microsoft checks it out and reports back...
A Microsoft representative said the software giant will issue a comment once it has had a chance to review the eEye advisory, which has yet to be posted on the security company's website.
from the silicon.com site posted above
I assume eEye will post not long after according to their release policy.
Eg
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|