241 Posted February 14, 2004

Microsoft warns of new critical flaw in Windows

Microsoft has admitted there is another 'critical' flaw in Windows which could allow a hacker to take control of a vulnerable machine. The flaw is the result of an unchecked buffer in the ASN.1 Library in many versions of Windows. A programmer who managed to generate a buffer overflow by exploiting the vulnerability can obtain full privileges on the machine and can change or delete data or run malicious code on the target system.

ASN.1 (Abstract Syntax Notation 1) is an industry standard method of normalisation of data across various platforms. The flaw was identified by eEye Securities in July last year although Microsoft has only now got round to admitting the problem and issuing a fix.

eEye says that because the ASN.1 library is widely used by Windows security subsystems, the vulnerability can be accessed through various routes such as Kerberos, NTLMv2 authentication, and applications that make use of certificates such as SSL, digitally-signed e-mail and signed ActiveX controls.

Amongst the vulnerable versions of Windows affected are Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows NT Server 4.0 Terminal Server Edition Service Pack 6, Windows 2000 Service Packs 2, 3, and 4, Windows XP, Windows XP Service Pack , Windows XP 64-Bit Edition, Windows XP 64-Bit Edition Service Pack 1, Windows XP 64-Bit Edition Version 2003, Windows XP 64-Bit Edition Version 2003 Service Pack 1 and Windows Server 2003, Windows Server 2003 64-Bit Edition.

Microsoft has issued patches for all these systems, which can be found here. This latest alert follows the announcement of several 'critical' flaws found in Internet Explorer last week. Microsoft has recently announced that security is its 'top priority'.
Steve Malone

Could this vulnerability and the recent patches be what is affecting some people's sites' SSL as discussed in several topics in the forum lately?

No longer giving free advice. Please place deposit in meter slot provided. Individual: [=] SME: [==] Corporation: [===] If deposit does not fit one of the slots provided then you are asking too much!

Is your Osc dated try Phoenix raising oscommerce from the ashes.
Guest Posted February 16, 2004

Unlikely - I am running the above without a problem yet on a correctly configured osCommerce site.

Matti
Archived
This topic is now archived and is closed to further replies.