http://www.smh.com.au/news/Breaking/Critical-W2K-bug-unpatched-after-105-days/2004/11/16/1100384533654.html By Sam Varghese November 16, 2004 A critical flaw in Windows 2000, discovered by eEye Digital Security, is yet to be patched by Microsoft though 105 days have elapsed since full details of the bug were provided to the software giant. eEye has characterised the bug as a "remotely-exploitable vulnerability that allows anonymous attackers to compromise default installations of the affected software, without requiring user interaction, and gain absolute access to the host machine." Details were sent to Microsoft on August 2. eEye started informing the public of upcoming security advisories last year. The procedure it follows is to provide the bare details of the bug and then wait for a patch to be issued before it released full details of the flaw in question. Yesterday, eEye sent details of another critical bug - in Windows ME, Windows 2000, Windows XP and Windows 2003 - to Microsoft. This was described as "a vulnerability in default installations of the affected software that allows malicious code to be executed with minimal user interaction." Microsoft chief executive officer Steve Ballmer was quoted recently as saying that patches for Windows were issued swiftly, compared to those for other operating systems. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Wed Nov 17 2004 - 01:30:51 PST