« Opera defies Microsoft with browser for gsm
AOL closes door on Trillian »

Leak opens back-door in Windows

The warning that Microsoft yesterday sent, is through official authorities yet once extra in the paint put. The CERT pulls at the alarm bell, for the new vulnerability set the door wide open open for hackers. Almost all versions of Windows, with exception of XP, its leak.

In Microsoft Security Bulletin MS02-065 stands described how a mistake in the Microsoft Data Access Components (MDAC) by a hacker can be exploited the control about a system about to take. MDAC are parts that vouch for the sending and receive of data to data bass, for instance about the Internet. The components find an application on servers, but are also standard present in Windows Millennium, 2000 and XP.

Yet is that last not vulnerable. The wrong stretch in MDAC versions 2.1, 2.5 and 2.6. By Windows XP, MDAC 2.7 sit through which the operating system remains outside shot. Also other Windows-users that the change to the new version made, have nothing to fear.

Microsoft considers the vulnerability as “very serious”, because it hit can as source servers as pc's. A shrewd hacker sees to through here about two attacks possibilities. Through for instance via HTTP a false request to steer to an IIS-serve, can export he its own code. Because Microsoft IIS till most used software belongs round sites to baled, is the danger for large-scale attacks very large. “This vulnerability is clear very serious and Microsoft guesses at that all customers whose systems danger walk, immediately the necessary actions undertake”, sounds it by MS.

Entry till usual pc's a hacker will to get will must otherwise to work. The vulnerabilities exploit, lifted then via a special stuffedte website. An user will enticed become that to, e-mail for instance page by a link on someone else, in an or via an IM-message. Once there arrived, has he price: the code of the hacker automatically is exported look at meanwhile the surfer the page. This can becomes Explore source single as it gesurft with Internet.

Because MDAC on different configurations though then not activated can be, has Microsoft a patch brought out that your system checks. When necessary, the leaky poem becomes. The patch find you in our downloadkanaal or by Microsoft. For administrators of IIS-servers, there is a checklist with important security measures. That you find here. The ISS Lockdown Tool, to invent via the shady at the bottom this article, connects the vulnerable component.

This article was posted on Monday, December 31st, 2007. Trackback from your own site.