Five-year-old design flaw found in all Windows versions

Posted by   Virus Bulletin on   Nov 26, 2007

Microsoft engineers spend Thanksgiving holidays writing patch.

During the Kiwicon conference earlier this month, ethical hacker Beau Butler from New Zealand disclosed a design flaw in Windows that could potentially affect millions of users. Said flaw seems to have been first discovered and, apparently, fixed more than five years ago, but this fix has turned out to be only partially effective, Australian newspaper The Age reports.

A Microsoft spokesman confirmed that this is a serious issue and asked Butler and The Age not to disclose details of the flaw while Microsoft's security team is working on a fix. The vulnerability is said to occur in all versions of Windows, including Vista, and could lead to hackers taking over many PCs with a single attack. However, while Butler found more than 160.000 computers in New Zealand to be vulnerable, the flaw is reported to only affect computers in countries outside the United States.

Posted on 26 November 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Throwback Thursday: Olympic Games

In 1994, along with the Olympic Games came an Olympic virus, from a group of Swedish virus authors calling themselves ‘Immortal Riot’. We look back at Mikko Hyppönen's analysis in the VB archive.

VB2016 call for last-minute papers opened, discounts announced

Announcing the VB2016 call for last-minute papers and a number of discounts on the conference registration rate.

Guest Blog: Malicious Scripts Gaining Prevalence in Brazil

In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual Basic and JavaScript gaining prevalence in Brazil.

Romanian university website compromised to serve Neutrino exploit kit

The website of the Carol Davila University of Medicine and Pharmacy has been compromised to inject a hidden iframe into the site's source code that serves the Neutrino exploit kit and may infect visitors with ransomware.

It's 2016. Can we stop using MD5 in malware analyses?

While there are no actually risks involved in using MD5s in malware analyses, it reinforces bad habits and we should all start using SHA-256 instead.