Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Vulnerabilities Revealed, Patched

Posted by simoniker on Wednesday July 16, 2003 @10:34AM from the information-is-good dept.

Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.

2 of 445 comments (clear)

Min score:

Reason:

Sort:

More info and POC ... by bigjocker · 2003-07-16 10:37 · Score: 5, Informative

More info here, here and here. Here internetnews.com state that 3 vulnerabilities (not 2) where patched.

Here is the report from the people who found the vulnerabilities (or at least one of them) which includes a proof-of-concept paper and code.

--
Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
Re:heh by UnrefinedLayman · 2003-07-16 11:03 · Score: 5, Informative

The point is this is a remotely exploitable system level hole.

It's important to note that the system account is god in Windows -- even Administrator has less power than system.