Technology news and Jobs 
Information Technology News Microsoft bug receives US-CERT alert
Information Technology News Microsoft bug receives US-CERT alert | Microsoft bug receives US-CERT alert |
|
| by Stan Beer | |
| Thursday, 10 August 2006 | |
  
The software flaw labelled MS06-040 in the Microsoft Security Bulletin concerns Server service, which involves sharing resources such as storage and printers on networks. The flaw is considered so serious that it has been acknowledged by security specialists as the worst of the 23 vulnerabilities, including 16 critical flaws, for which patches were issued this week. The problem identified by US-CERT involves a stack-based buffer overflow which exists in the Microsoft Server service. If a remote attacker sends a specially crafted packet to a vulnerable Windows system, the attacker could trigger a buffer overflow and remotely execute code on the target system. "A remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM privileges," US-CERT states on its website. According to US-CERT, the agency has received reports that the vulnerability is actively being exploited and some specialists say that targets may not even know that they've been hacked. Microsoft itself has given recognition to the fact MS06-040 stands above the rest of the identified vulnerabilities this month and has issued a recommendation that users give priority to patching MS06-040 ahead of the other critical flaws. {moscomment} |
Tags
| < Next story in category | Previous story in the category > |
|---|
