Heads Up: Major New Windows Vulnerability
By Daniel Miessler on August 4th, 2005: Tagged as General | Windows
A vulnerability in Microsoft’s operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.
What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said. “You can’t turn this (vulnerable) component off,” Maiffret said. “It’s always on. You can’t disable it. You can’t uninstall.”
No need to panic or anything, but definitely something to watch for. I’m sure a patch will be forthcoming; we can only hope it makes it to us before the exploit code does. Anyway, yet another example of why the disclosure debate is so important…