Microsoft warns of Windows flaw - bit-tech.net Forums

Bindibadgi · 21st Apr 2008, 13:45

http://www.bit-tech.net/news/2008/04...windows_flaw/1

Microsoft has released a security advisory alerting customers to the possibility for a privilege escalation attack against all current Windows releases - including Vista.

naokaji · 21st Apr 2008, 14:29

ouch...

let's hope for a quick fix.

devdevil85 · 21st Apr 2008, 15:12

just another day in the news for MS......nothing surprising to see here people.....

wuyanxu · 21st Apr 2008, 15:42

if Mac and Windows found similar bug at the same time, i bet MS will fix the bug faster than Apple

sotu1 · 21st Apr 2008, 15:50

Quote:

Originally Posted by wuyanxu

if Mac and Windows found similar bug at the same time, i bet MS will fix the bug faster than Apple

as much as i love my mac i'm inclined to agree with you here

koola · 21st Apr 2008, 15:54

Quote:

Originally Posted by wuyanxu

if Mac and Windows found similar bug at the same time, i bet MS will fix the bug faster than Apple

The question is not who patches quicker, but who introduces more bugs while supposidly patching.

naokaji · 21st Apr 2008, 16:04

Mac users dont download patches on releaseday though since they think their OS is save

GoodBytes · 21st Apr 2008, 16:57

At least it is Microsoft that found it and has balls to mention it and not a hacker and have the surprise of your life.

Amon · 21st Apr 2008, 17:05

Not really that threatening if you look at the big picture. I personally don't know any typical home users who run an SQL database.

Laitainion · 21st Apr 2008, 18:49

Annoyingly Visual Studio 5005/2008 install SQL server (a limited, testing version), even if you don't want it as I recently had to remove uninstall about half a dozen parts of the bloody thing (I don't do database work, so meh). So I can see a number of developer's being vulnerable.

completemadness · 21st Apr 2008, 19:24

Quote:

Originally Posted by Laitainion

Annoyingly Visual Studio 5005/2008 install SQL server (a limited, testing version), even if you don't want it as I recently had to remove uninstall about half a dozen parts of the bloody thing (I don't do database work, so meh). So I can see a number of developer's being vulnerable.

i was thinking this too

Just another reason to use linux eh

Glider · 21st Apr 2008, 20:14

Quote:

Originally Posted by completemadness

Just another reason to use linux eh

You need a reason for that?

LordPyrinc · 21st Apr 2008, 23:19

As a software developer myself, I tend to be understanding of MS on issues like this. I know that even during small application development, bugs get past QA testing. I couldn't begin to fathom the effort it takes to build an entire OS. I think MS does a damn good job at notifying the user community when there are issues like this and takes the appropriate steps to fix the security holes in a reasonable time.

No software product goes out the door bug-free.

yakyb · 22nd Apr 2008, 09:10

as a guy running both IIS and SQL server on my Vista box i cant say im particularly happy about this but to be honest im not that pissed off either

[USRF]Obiwan · 22nd Apr 2008, 09:43

Quote:

Originally Posted by koola

Quote:

Originally Posted by wuyanxu

if Mac and Windows found similar bug at the same time, i bet MS will fix the bug faster than Apple

The question is not who patches quicker, but who introduces more bugs while supposidly patching.

Thats not the right question: Since the ratio Windows based systems: OsX systems is like 95:1 the discovery of bugs in OSx is also much much much less then Windows. It's more likely that OsX contains hundreds of undiscovered bugs but duo the small application base. I guess there are 1% Apple based SQL servers / Web servers / Application servers (Is OsX capable to run these things anyway?)

steveo_mcg · 22nd Apr 2008, 09:52

Quote:

Originally Posted by [USRF]Obiwan

Thats not the right question: Since the ratio Windows based systems: OsX systems is like 95:1 the discovery of bugs in OSx is also much much much less then Windows. It's more likely that OsX contains hundreds of undiscovered bugs but duo the small application base. I guess there are 1% Apple based SQL servers / Web servers / Application servers (Is OsX capable to run these things anyway?)

Its a *nix so i'll go out on a limb and say.. yeah.

[USRF]Obiwan · 22nd Apr 2008, 09:59

Quote:

Originally Posted by steveo_mcg

Its a *nix so i'll go out on a limb and say.. yeah.

Ok, since the last time I worked with a mac, it wa the size of a toaster with a a 3.5 inch floppy drive and a smiling computer icon on the 7" black and white screen. It was called blabla II something...

steveo_mcg · 22nd Apr 2008, 10:13

Same here... I loved my classic. Even then it was somewhat ahead of the windows curve (about 3-5 years ahead)

Bluephoenix · 22nd Apr 2008, 14:11

I've known about it since Win2000

I filed a bug report, but it never got dealt with and I never got feedback

it made a fun trick when I used to do penetration testing, as it was a hole no one knew existed and could be used to take over the entire system.

also, there are bugs that allow SQL and IIS to be started without proper authentication, or proper access. I haven't got any feedback on those reports either.

leexgx · 23rd Apr 2008, 02:19

SQL and IIS just seem plane insecure thay fix one thing and an 5 year old one comes along (or is it 8? heh)

any thing important or web sites should not be used an an windows box

21st Apr 2008, 13:45	#1
Bindibadgi Richard Swinburne bit-tech Staff Join Date: Mar 2001 Location: Omnipwntent Posts: 28,259	Microsoft warns of Windows flaw http://www.bit-tech.net/news/2008/04...windows_flaw/1 Microsoft has released a security advisory alerting customers to the possibility for a privilege escalation attack against all current Windows releases - including Vista. __________________ Made you look, made you stare, made you clicked this in your underwear! Den of Geek!

21st Apr 2008, 15:42	#4
wuyanxu quad fuelled, GTX200 powered Join Date: Aug 2007 Location: in a room near Soton Uni. UK Posts: 3,940	if Mac and Windows found similar bug at the same time, i bet MS will fix the bug faster than Apple __________________ Death to consolification !!!Core i7 860 @ 4Ghz Cooled by Corsair H50 // Asus P7P55D Deluxe // 8GB of Corsair Dominators @ 1528Mhz 8-8-8-24 // BFG gtx260+ OC2 MaxCore 216SP 896MB // Samsung 64GB SSD // WD Raptor 74GB + Black 1TB + Green 1TB // Corsair Hx620w // Antec p182 // Samsung 24" T240

21st Apr 2008, 16:57	#8
GoodBytes mother into a board?! Join Date: Jan 2007 Location: Canada, Montreal Posts: 3,475	At least it is Microsoft that found it and has balls to mention it and not a hacker and have the surprise of your life. __________________ AMD Athlon 64 X2 4400+ S939 \| 3GB of Corsair/Kingston (mix) RAM @ 400Mhz 3-3-3-8-2T \| ASUS A8N32-SLI Deluxe \| Geforce 260 GTX \| X-Fi XtreamMusic \| Western Digital 250GB SATA-II 16MB of Buffer \| Corsair HX620W \| Antec SOLO case \| Monitor: 24inch Dell U2410 \| Win 7 64-bit Go for Pro!

21st Apr 2008, 17:05	#9
Amon inch-perfect Join Date: Jun 2007 Location: cannoning into the reds, Toronto, Canada Posts: 2,456	Not really that threatening if you look at the big picture. I personally don't know any typical home users who run an SQL database. __________________ Defunct Socket 939 San Diego 4000+::2GB PC3200::Radeon 9600 SE 128MB::200GB HDD::24" Dell 2407WFP-HC::WinXP x64/x86 dual boot Dell Vostro 1500 laptop::Socket P Merom T7100::2GB PC5400::Go 8600m GT 256MB::660GB HDD::15.4" WXGA+, 24" Dell 2407WFP-HC::WinXP::Fanatec 911 Wheel+Pedals

22nd Apr 2008, 09:10	#14
yakyb CK is God!!! Join Date: Oct 2006 Posts: 1,067	as a guy running both IIS and SQL server on my Vista box i cant say im particularly happy about this but to be honest im not that pissed off either __________________ Gaming Box:: q6600 @3.0 :: 9800gtx :: Abit IP35 :: 4gb :: 1.4TB :: akasa eclipse :: Win7 Development:: PhenomII 955BE @3.2 :: 4200 :: asus M4A785 M Evo :: 1.25TB ::Win7 Media Centre :: q6600 @3.0 :: x1950pro :: asus p35 epu :: 8gb :: 320 GB :: Lc17B :: Win7 server:: I7 860 :: p55 gd65 :: 3450 :: 8 TB :: 8gb :: Rebel 12 :: server 2008 R2

21st Apr 2008, 15:12	#3
devdevil85 Hypermodder Join Date: Nov 2006 Location: US of A Posts: 884	just another day in the news for MS......nothing surprising to see here people.....

21st Apr 2008, 18:49	#10
Laitainion Minimodder Join Date: Jan 2006 Location: Loughborough, UK Posts: 44	Annoyingly Visual Studio 5005/2008 install SQL server (a limited, testing version), even if you don't want it as I recently had to remove uninstall about half a dozen parts of the bloody thing (I don't do database work, so meh). So I can see a number of developer's being vulnerable.

21st Apr 2008, 23:19	#13
LordPyrinc Legomaniac Join Date: Mar 2008 Location: USA Posts: 256	As a software developer myself, I tend to be understanding of MS on issues like this. I know that even during small application development, bugs get past QA testing. I couldn't begin to fathom the effort it takes to build an entire OS. I think MS does a damn good job at notifying the user community when there are issues like this and takes the appropriate steps to fix the security holes in a reasonable time. No software product goes out the door bug-free.

22nd Apr 2008, 10:13	#18
steveo_mcg What owl? Join Date: May 2005 Location: Edinburgh Posts: 3,981	Same here... I loved my classic. Even then it was somewhat ahead of the windows curve (about 3-5 years ahead) __________________ No boom today, boom tomorrow... there's always a boom tomorrow.

22nd Apr 2008, 14:11	#19
Bluephoenix Spoon? What spoon? Join Date: Dec 2006 Location: Daytona Beach, FL Posts: 936	I've known about it since Win2000 I filed a bug report, but it never got dealt with and I never got feedback it made a fun trick when I used to do penetration testing, as it was a hole no one knew existed and could be used to take over the entire system. also, there are bugs that allow SQL and IIS to be started without proper authentication, or proper access. I haven't got any feedback on those reports either.

23rd Apr 2008, 02:19	#20
leexgx CPC hang out zone (i Fix pcs i do ) Join Date: Jun 2006 Location: uk Posts: 568	SQL and IIS just seem plane insecure thay fix one thing and an 5 year old one comes along (or is it 8? heh) any thing important or web sites should not be used an an windows box __________________ Qx6850 (OC 3.3Ghz) <> 120 extreme<> rampage forumla <> 9800GX2 <> 8gb 4x2gb (2x gell / 2x adata)<> SSD powered Corsair S128 / WD Black 1TB <> Crative X-fi FalTy FPS <> TK 1000w Toughpower <win7 x64> Click me for folding stats greenfrog.biz / 35947