Posted on 11/29/2005 6:15:17 AM PST by Panerai
Computer code posted over the weekend can crash vulnerable computers by exploiting a Windows flaw disclosed in October.
The exploit code takes advantage of a flaw Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051.
"Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack...and not remote code execution," a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution would mean the attacker has full control over a PC.
Users who have applied the MS05-051 patch are protected against exploitation of the flaw, Microsoft said. The patch has been available since Oct. 11, but some users have reported problems with applying the update. In other news:
This is not the first exploit code for the MSDTC flaw, but it is the first to be published publicly on the Internet. The first exploit was created by security vendor Immunity for users of its penetration testing product.
When Microsoft released its patches, experts were quick to warn that the MSDTC flaw could spawn an attack similar to the Zotob worm that wreaked havoc in August. Such an attack has not occurred. However, the public posting of exploit code could be a sign that an attack is coming, experts have said.
Microsoft said it is not aware of any current attacks that use the latest exploit code. The software maker urges all customers to apply the most recent security updates to protect their systems.
Shall we start a pool for the posting number of the first "buy Mac" reply?
How about a poll for the Linux users to jump on here saying use Linux?
Or how about a request from Windows users for MS to release a version of Windows for home users without any of these fancy features?
This is just another reminder how critical it is to keep your system updated with the latest security patches.
I pick by post 8.
Buy a Mac
The prize for the pool is my old copy of Windows ME.
Any wonder why I say "I don't do windows"?
Use Linux. ;)
Or maybe "real men aren't afraid of security bugs and viruses."
I think this may start a (yet another) fight with the iMoonies.
Hey, i still use Windows ME on my old laptop. It's not a bad system if one keeps the registry clean. The System Restore feature which it shares with Windows XP is a good thing. Admittedly, it can be buggy, but i believe that it got a worse rap than it deserves.
I thought it was pretty twitchy. XP is immensely more stable. But it may have been the AMD Athelon CPU I used in conjunction with ME.
Patch has been out for weeks. Plus MS auto-update is completely free for actual owners. I guess that leaves us with those running illegal copies or too stupid to install critical patches. Don't forget to actually blame the hackers either, since some want to give them a free pass instead.
DCOM a fancy feature?
But if you have a request of M$ I suggest you contact them and not Freerepublic.
That reminds me of an old site that said it would convert your machine to a MAC. It then used DHTML to do all kinds of fancy stuff and your machine looked just like a MAC. For non-techies it spooked them when I sent them a link to the site and then next thing they saw was a MAC and they had no idea how to get out of it (so they manually turned off the power).
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.