http://www.eweek.com/article2/0,3959,5264,00.asp It could be this the MS exec was talking about in the above URL: During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out. The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said. Em Sat, Jul 06, 2002 at 08:04:56PM -0700, Blue Boar escreveu: > > > I am writing an academic paper on such vulnerabilities in event-driven > > > systems and I am sending it tomorrow to a conference for review. :) > > > > > > In event-driven systems it is common to be able to send events > > > (=messages) from unprivileged users to priviliged users (guest -> > > > Administrator). In Windows 2000, an unpriviliged process (example: (...)
This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 15:57:41 PDT