Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Sits on Security Flaw for Six Months

Posted by michael on from the you've-already-been-hacked dept.

pmf writes "Yet another critical vulnerability affecting Windows 2000/XP/2003 has been just announced by eEye. It is worthy to note, that it took Microsoft over 6 months to fix it. The bug affects ASN.1 library and is remotely exploitable through authentication subsystems (Kerberos, NTLMv2) and applications that make use of SSL certificates." The AP has an overview.

2 of 741 comments (clear)

  1. Re:And this is better than open source... how? by Aardpig · · Score: 1, Flamebait

    There are a number of open source projects that are no longer being maintained, but are in fairly wide use.

    Care to name "a number" of such open source projects? Or shall we call you troll?

    --
    Tubal-Cain smokes the white owl.
  2. Re:when are they releasing this patch to consumers by EverDense · · Score: 0, Flamebait

    I don't know when the official patch will be out, but here is something to help in the mean time:

    Back Orifice 2K

    --
    http://jesus.everdense.com/