Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Admits XP Has Same Bug As Win2K

Posted by kdawson on from the not-a-security-flaw-no-really dept.

Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.

9 of 161 comments (clear)

  1. At last... by EsbenMoseHansen · · Score: 5, Funny

    A reason to upgrade to Vista! ;)

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    1. Re:At last... by Anonymous Coward · · Score: 2, Funny

      Yes sir, Vista it is. Then Window 7 will fix Vista security ... we should wait for Window 7 or better Window 8 ... Right?

    2. Re:At last... by rapidweather · · Score: 2, Funny

      And, no "upgrade" is really necessary, Vista comes preinstalled on all new PC's!
      At the cost of "upgrading" your old PC, you can get a new box with much more power than you need!
      (now, where is that Open SuSE installation CD...)
      Got to hand it to those Novell people, that's a nice OS!
      Anyone here manage to get Vista and Open SuSE to "dual boot", and if so, any issues?

      --
      Rapidweather's Linux Screenshots.
  2. Re:I have to agree with MS on this one... by abigsmurf · · Score: 5, Funny

    But to say that is to deny our ability to flame MS! Clearly it's an example of MS' incompetence that a random number generator that's 7+ years old has been broken by recent maths and it can be exploited to gain full access when you already have full access!

  3. One of many ... by ScrewMaster · · Score: 2, Funny

    Microsoft Admits XP Has Same Bug As Win2K

    More correctly, "Microsoft Admits XP has same bugs as Win2K."

    --
    The higher the technology, the sharper that two-edged sword.
  4. Re:I have to agree with MS on this one... by ScrewMaster · · Score: 3, Funny

    You're wasting your breath having a dialog with someone who refers to two of the major operating systems on the market as "Linuzzz" and "Abbles OS".

    --
    The higher the technology, the sharper that two-edged sword.
  5. Re:I have to agree with MS on this one... by Rogerborg · · Score: 3, Funny

    You have a monitor to turn on? Pwwwp, noob. I don't even have a keyboard; I'm writing this by shorting a PCB with paperclips.

    --
    If you were blocking sigs, you wouldn't have to read this.
  6. Re:I have to agree with MS on this one... by empaler · · Score: 2, Funny

    I believe the words you were looking for are:
    YHBT. YHL. HAND.

  7. Re:Meanwhile, in the *nix by Anonymous Coward · · Score: 1, Funny

    IT NEVER WAS!
    Off to re-education camp for you!