Google security researcher Tavis Ormandy discovered an ancient bug early this year, present on a utility that allows newer versions of Windows to run very old programs. Ormandy found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008, Windows Vista and Windows 7. First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since. Microsoft has issued a security bulletin about the problem and aims to tackle it soon.
The February update for Windows will close the loophole that dates from the time of DOS (Disk Operating System)-based operating systems, but att the moment there is no evidence that this latest find is being actively exploited online. Microsoft will release the patch for this vulnerability in their February security update, which will also eliminate five other vulnerabilities that allow attackers to hijack a Windows PC and run their own programs on it. As well as fixing holes in many versions of Windows, the update also tackles bugs in Office XP, Office 2003 and Office 2004 for Apple Macintosh machines.
No comments:
Post a Comment