Unpatched Microsoft bugs raise red flags

Unpatched Microsoft bugs raise red flags
Unpatched Microsoft bugs raise red flags 

By Robert McMillan
September 8, 2009 
IDG News Service 

Microsoft has released its security updates for the month of September, 
but a couple of unpatched flaws have some security experts wondering if 
the software company will be forced to release an emergency patch 
sometime in the month ahead.

Security researchers believe that an unpatched flaw in the SMB (Server 
Message Block) 2 software that ships with Windows Vista and Windows 
Server 2008 could turn into a major headache.

Proof of concept code showing how the bug could be leveraged to crash a 
Windows machine was posted Monday to the Full Disclosure mailing list by 
Laurent Gaffie.

But security experts believe that more serious attacks are possible.

Kostya Korchinsky, a senior security researcher with security-assessment 
software vendor Immunity, said the flaw could be exploited in a 
privilege-escalation attack. This type of attack is used once the 
attacker has already found a way to run software on the victim's 
machine. It gives the hacker a way of accessing system resources that 
would otherwise be prohibited.


Please Donate to the Ron Santo Walk to 
Cure Diabetes with Ethan's Crew! 

Site design & layout copyright © 1986-2014 CodeGods