Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

More Tutorials
PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   Am grateful that I found this site. Receiveid prompt and helpful advice shortly after posting my first "insolvable problem". - Popster  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Related Microsoft Links

Technet

Expert Zone Community
Services
Cyber Tech Help Community

To the top of the page to top

 



Computing News | Microsoft rings alarm on Windows rights bug

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Posted by: Tweaker
Date added: 15:04 Saturday, 19th April 2008 GMT
Source: Computer World News

Microsoft

Microsoft Corp. yesterday issued a security alert to warn users of a bug in most versions of Windows, but didn't promise to fix the flaw or -- if it does patch the problem -- say when a fix would be released.

A little more than three weeks ago, Microsoft had denied that the problem was a vulnerability.

In a security advisory published on Thursday, Microsoft categorized the vulnerability as an "elevation of privilege" that, if exploited, could give attackers significantly greater access to the compromised machine. The bug affects Windows XP Professional SP2, and all versions of Windows Server 2003, Windows Vista and the brand-new Windows Server 2008.

Although the flaw is within Windows, attackers could conceivably exploit it through custom Web applications running in Microsoft's Web server, Internet Information Services. It could also be exploited via SQL Server, added Microsoft.

"Web apps usually run in a lesser-privileged mode," said Andrew Storms, director of security operations at nCircle Network Security Inc. "[Using this vulnerability, attackers"> could jump that privilege to a LocalSystem account, which is not a long way from an administrative account.

Microsoft did not promise to create a patch. "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers," Sisk said in a post to the MSRC blog. "This may include providing a security update through our monthly release."

But Microsoft rarely issues a security advisory without at some later date providing a patch, Storms noted.

The next scheduled release date for a Microsoft patch is May 13.

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]