Microsoft Warns of New Security Threat

http://news.yahoo.com/s/nf/20051121/bs_nf/39566

Microsoft (Nasdaq: MSFT - news) is warning consumers using Windows XP Service Pack 1 (SP1) and Windows 2000 SP4 that code has been published that could be used to launch denial-of-service (DoS) attacks.

According to the Microsoft security advisory, "the vulnerability could allow an attacker to levy a denial of service attack of limited duration" on Windows XP SP1 if the attacker has valid log-on credentials.

Although the flaw cannot be exploited remotely by an anonymous user, the company said that the affected component is available remotely to users who could gain access through a guest account. The advisory added that users with SP2 are not at risk.

Microsoft has rated the threat as "low" and has not yet developed a patch. In order to launch an attack on Windows 2000 users, the attacker would have to gain remote access to the Remote Procedure Call port. The RPC is generally located behind a firewall and therefore is difficult to access remotely.

more...
This doesn't get any better does it!!! Just one breach after another!!!

Flem.

http://informationweek.com/story/showArticle.jhtml?articleID=173401731

The Macintosh operating system was updated to fix 60 flaws in the OS and bundled applications. Even for Apple, which traditionally has handled numerous bugs in any given update, October's total was a new record.

Apple Computer on Monday updated its Macintosh operating system to fix 60 flaws in the OS and bundled applications. Even for Apple, which traditionally has handled numerous bugs in any given update, October's was a new record.

The update to Mac OS X 10.4.3 covers bugs in everything from Apple's Safari Web browser to password problems that can lead to the Mac's version of Windows' infamous "Blue Screen of Death."

Available in versions for either Mac clients or servers, the 10.4.3 update also fixes major security issues such as a failure in the software update feature to properly install critical fixes, and several data disclosure vulnerabilities in the OS kernel, which could potentially let local users gain access to sensitive information.

Good luck if you buy a Mac. Cost? $Hundreds Problem solved? Maybe so, maybe not.

The guy upstairs from be had to take his brand new G-something back to the store to get it fixed. They had it for a week. Personally, I'd go crazy if my computer was gone for a week.

BTW - I never, ever get viruses, worms or whatever the flavor of the day is simply because I keep up with free software updates and don't do stupid stuff. And I never have to take my computer to the store and leave it to get it fixed.

YMMV

so badly all it would do was say Zool and demand to see the keymaster. It sits in a corner now waiting for the Linux fairy. I'm typing this on an ancient Mac which never gets viruses. It does however get occasionally muddled by nasty packs of java monsters.

Or any other software because it won't run any of the latest titles. Perhaps you could consider starting and stopping boot services as game play....

And good luck with the Linux machine. I had one and couldn't be bothered keeping up with all the obscure security patches and configuration issues. Besides, it's tiring to read so much to get anything done with it.

No, I'll keep my Windows 2000 machines, and pity anyone who tries to get me to "updgrade" to Windows XP as well. Strictly a Windows 2000 fan here - all MS software prior to Windows 2000 sucked rotten eggs just a bit less than the old Mac stuff did, and MS's new offerings are bloated and too politicized.

Having said that, if MS stops supplying free Windows 2000 software updates, I'll reconsider the other options (including a Mac if I decide to give up my business and only need a play machine)

:evilgrin:

Don't worry that this one says "...Network Installation Package for IT Professionals and Developers." All that means is that you can download this version on any Windows PC and use it to update as many Windows XP computers as you want. If you can, burn it to a CD. The regular version is basically a "Live update" that you need to be connected at the time version.

Note: for all this to work right, you almost have to use the Internet Explorer ver 5 or 6.

Windows XP Service Pack 2 Network Installation Package for IT Professionals and Developers
<http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&displaylang=en>

More downloads at this page too:

<http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=7>

All it takes to prevent problems is simple preventative steps.

have valid log-on credentials, which are domain or machine specific, the odds of anyone actually being able to use such a technique to launch a real DOS attack are pretty minimal.

This is nowhere near being a serious threat.

I could perform that type of DOS attack simply by keeping the processor too busy to respond to any other requests. No holes in the operating system needed. No problem at all. A child could do it.

:evilgrin:

If you give someone your keys, they can open your door and steal your stuff.

It is amazing that MS still exists, much less thrives in our country. I suppose that's what happens when you rip off the bulk of your OS from a competitor, and then use it to become the 800lb monpolistic gorilla.

I've had Macs for years now, never had any viri, never had to deal with any security issues, just a stable platform that I turn on in the morning, and it keeps working day in and day out. Not much to ask for, but something that seems beyond the grasp of Gates and Co.