Microsoft warns of new Windows denial-of-service flaw

Exploit code has been published on the internet that can take advantage of security flaws in Windows XP SP1 and all versions of Windows 2000, Microsoft has warned.

Exploit code has been published on the internet that can take advantage of security flaws in Windows XP SP1 and all versions of  Windows 2000, Microsoft has warned.

The code, circulating on the internet, can be used to launch denial of service attacks through the two operating systems.

Although the threat has so far not been patched by Microsoft, the vulnerability is classed only as moderate because remote attackers would first have to gain security access to a user’s machine via a firewall, and start an attack from within an organisation.

The vulnerability was discovered by a security researcher in India who reverse-engineered a patch Microsoft issued last month to close a security flaw in a Windows plug-and-play feature.

Microsoft said it was looking into the matter, but said it was concerned that the flaw had been reported before it was told of the problem.

Security researchers have criticised Microsoft in the past for not acting quickly enough after going to the company with new flaws before they are made public.

Microsoft’s next monthly patching release is scheduled for 13 December.

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close