Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Admits XP Has Same Bug As Win2K

Posted by kdawson on from the not-a-security-flaw-no-really dept.

Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.

2 of 161 comments (clear)

  1. Who wants to bet... by Anonymous Coward · · Score: -1, Troll

    Who wants to bet that they'll "upgrade" to the elliptic curve algo with the NSA backdoor?

  2. No Surprise here ....... by HW_Hack · · Score: -1, Troll

    This is what happens when you keep polishing the same turd, and then passing it off as a new product every few years .... Following this trend - Vista is about as popular as turd floating in a punch bowl at a wedding

    --
    Its not the years, its the mileage .....