Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Attack code out for 'critical' Windows flaw
Cnet ^ | 11/29/2005

Posted on 11/29/2005 6:15:17 AM PST by Panerai

Computer code posted over the weekend can crash vulnerable computers by exploiting a Windows flaw disclosed in October.

The exploit code takes advantage of a flaw Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051.

"Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack...and not remote code execution," a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution would mean the attacker has full control over a PC.

Users who have applied the MS05-051 patch are protected against exploitation of the flaw, Microsoft said. The patch has been available since Oct. 11, but some users have reported problems with applying the update. In other news:

This is not the first exploit code for the MSDTC flaw, but it is the first to be published publicly on the Internet. The first exploit was created by security vendor Immunity for users of its penetration testing product.

When Microsoft released its patches, experts were quick to warn that the MSDTC flaw could spawn an attack similar to the Zotob worm that wreaked havoc in August. Such an attack has not occurred. However, the public posting of exploit code could be a sign that an attack is coming, experts have said.

Microsoft said it is not aware of any current attacks that use the latest exploit code. The software maker urges all customers to apply the most recent security updates to protect their systems.


TOPICS:
KEYWORDS: buyamac; flaw; microsoft; msdtc; patch; security; uselinux; windows

1 posted on 11/29/2005 6:15:18 AM PST by Panerai
[ Post Reply | Private Reply | View Replies]

To: Panerai

Shall we start a pool for the posting number of the first "buy Mac" reply?


2 posted on 11/29/2005 6:21:01 AM PST by The_Victor (If all I want is a warm feeling, I should just wet my pants.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: The_Victor

How about a poll for the Linux users to jump on here saying use Linux?


3 posted on 11/29/2005 6:26:54 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 2 | View Replies]

To: for-q-clinton

Or how about a request from Windows users for MS to release a version of Windows for home users without any of these fancy features?


4 posted on 11/29/2005 6:27:59 AM PST by proxy_user
[ Post Reply | Private Reply | To 3 | View Replies]

To: Panerai

This is just another reminder how critical it is to keep your system updated with the latest security patches.


5 posted on 11/29/2005 6:28:04 AM PST by kevkrom (Thank you... I'll be here all week. Don't forget to tip your waitress. (And try the veal!))
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

6 posted on 11/29/2005 6:28:07 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: The_Victor

I pick by post 8.


7 posted on 11/29/2005 6:31:34 AM PST by Tribune7
[ Post Reply | Private Reply | To 2 | View Replies]

To: Tribune7

Buy a Mac


8 posted on 11/29/2005 6:31:49 AM PST by Tribune7
[ Post Reply | Private Reply | To 7 | View Replies]

To: Tribune7

The prize for the pool is my old copy of Windows ME.


9 posted on 11/29/2005 6:39:32 AM PST by The_Victor (If all I want is a warm feeling, I should just wet my pants.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Panerai

Any wonder why I say "I don't do windows"?


10 posted on 11/29/2005 6:49:01 AM PST by sr4402
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

Use Linux. ;)


11 posted on 11/29/2005 6:52:43 AM PST by newzjunkey (Why we fight for a free Iraq: http://massgraves.info/ -- Don't spare Tookie, Arnold!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: The_Victor; for-q-clinton
After that we need to bring up a pool for 'I would buy a mac but I'm not gay' and 'OpenSource is for Lefty moonbats'
12 posted on 11/29/2005 7:04:48 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 2 | View Replies]

To: N3WBI3
After that we need to bring up a pool for 'I would buy a mac but I'm not gay' and 'OpenSource is for Lefty moonbats'

Or maybe "real men aren't afraid of security bugs and viruses."

I think this may start a (yet another) fight with the iMoonies.

13 posted on 11/29/2005 7:09:56 AM PST by The_Victor (If all I want is a warm feeling, I should just wet my pants.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: proxy_user
Or how about a request from Windows users for MS to release a version of Windows for home users without any of these fancy features?

Been there, done that.

14 posted on 11/29/2005 7:09:58 AM PST by Willie Green (Go Pat Go!!!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: proxy_user; Willie Green
You could always try this edition.
15 posted on 11/29/2005 7:15:35 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 4 | View Replies]

To: The_Victor
The prize for the pool is my old copy of Windows ME.

Hey, i still use Windows ME on my old laptop. It's not a bad system if one keeps the registry clean. The System Restore feature which it shares with Windows XP is a good thing. Admittedly, it can be buggy, but i believe that it got a worse rap than it deserves.

16 posted on 11/29/2005 7:16:16 AM PST by Calvinist_Dark_Lord (I have come here to kick @$$ and chew bubblegum...and I'm all outta bubblegum! ~Roddy Piper)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Calvinist_Dark_Lord
Hey, i still use Windows ME on my old laptop. It's not a bad system if one keeps the registry clean. The System Restore feature which it shares with Windows XP is a good thing. Admittedly, it can be buggy, but i believe that it got a worse rap than it deserves.

I thought it was pretty twitchy. XP is immensely more stable. But it may have been the AMD Athelon CPU I used in conjunction with ME.

17 posted on 11/29/2005 7:26:05 AM PST by The_Victor (If all I want is a warm feeling, I should just wet my pants.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Panerai

Patch has been out for weeks. Plus MS auto-update is completely free for actual owners. I guess that leaves us with those running illegal copies or too stupid to install critical patches. Don't forget to actually blame the hackers either, since some want to give them a free pass instead.


18 posted on 11/29/2005 9:46:45 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user
Or how about a request from Windows users for MS to release a version of Windows for home users without any of these fancy features?

DCOM a fancy feature?

But if you have a request of M$ I suggest you contact them and not Freerepublic.

19 posted on 11/29/2005 10:33:04 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

That reminds me of an old site that said it would convert your machine to a MAC. It then used DHTML to do all kinds of fancy stuff and your machine looked just like a MAC. For non-techies it spooked them when I sent them a link to the site and then next thing they saw was a MAC and they had no idea how to get out of it (so they manually turned off the power).


20 posted on 11/29/2005 10:37:04 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 15 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson