
By Dawn Kawamoto
Posted on ZDNet News: Aug 3, 2005 8:40:00 PM

A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said.

The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.

What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.

"You can't turn this (vulnerable) component off," Maiffret said. "It's always on. You can't disable it. You can't uninstall."

eEye declined to give more details on the flaw or the Windows 2000 component in question. As part of company policy, it does not release technical details of the vulnerabilities it finds until the software's maker has released either a patch or an advisory.

"Researchers report vulnerabilities to Microsoft all the time through our established channels in the (Microsoft Security Response Center)," a company representative said. "This is really business as usual... Microsoft investigates all reports and will take the appropriate action for all vulnerability reports depending on customer needs."

The vulnerabilities affect Windows 2000, but Maiffret noted eEye is still conducting tests, and he anticipates other versions of Microsoft's OS will likely be affected.

For Microsoft, this marks the second eEye advisory it's received this week. On Monday, eEye notified the software giant it had found critical vulnerabilities in Internet Explorer.

The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious Web site link.

The flaw, which is rated as a "high" risk, affects IE, Windows XP and SP1, Windows 2003 and Windows 2000.

Microsoft confirmed it received the eEye advisory regarding IE through its standard vulnerability reporting system.

