Serious Windows Security Issue?

[CodeDragon]

What do you guys think of the problem described in This Article?

Has anyone else heard anything about this?

Cheers

CD

[Archer]

Which one


Sorry! This section of Newscientist.com is unavailable at the current time - every effort is being made to get it back up and running as quickly as possible.

Please try again soon.

The New Scientist Webteam

[CodeDragon]

Originally posted by Archer
Which one


Sorry! This section of Newscientist.com is unavailable at the current time - every effort is being made to get it back up and running as quickly as possible.

Please try again soon.

The New Scientist Webteam

D'oh! Works for me though.

CD

[Fubarian]

Paget, who goes by the hacker handle 'Foon', logged on to a system as a guest user - normally granted minimal privileges - and by exploiting the flaw managed to increase his privilege level to 'local system', the highest level possible. This gave him complete access to everything on the machine and potentially to other machines on the local network.

What they didn't say is if he had to actually hack that account or not. I don't know about you but my guest account is renamed and disabled with a password that I don't even know (copy paste 40+ characters, with @#$%^&* and so on in it too.) ...come to think of it I'd be easier to hack my admin account!

and it seems thats what MS is saying in return

In a statement issued to New Scientist, Microsoft said: "Based on an exhaustive review of both the theoretical and practical impact of the proposed scenario, we believe that it does not meet Microsoft's definition of a security vulnerability."

So I'd have to say no, its not that big of a deal.

But on the flip side, this I will agree with....even though it has been known for a while now.

The flaw exposed by Paget is part of the fundamental design of the Windows operating system. It is contained within the mechanism that controls the flow of messages between different windows on the desktop. This is called the Win32 API and has remained unchanged since 1993.

[Stalemate]

As far as I'm concerned, Windows is a serious security issue.

If you're looking for a safe OS, look for a Unix/Linux box.

I'm using Windows every single day, but I'm aware that it's probably the least safe of all the OS solutions out there.

[confus-ed]

Originally posted by a d e p t
As far as I'm concerned, Windows is a serious security issue.

If you're looking for a safe OS, look for a Unix/Linux box.

BUT you are simply asking for trouble f you leave your 'guest' account open, especially if you are fool enough not to assign a p/w....

Rename & use a mad p/w is also

Generally there are more holes in unix/linux systems 'out of the box' - though there ain't such a thing... which is why generally they are more secure ... 'cos folk don't know where or what the vulnerabilities are...windoze however suffers from having every fault splattered accross numerous web pages with blow by blow instructions on how to exploit those vulnerabilities....

Owww that hurt! I was defending Bill there for a moment , oh I remember he's the richest but ugliest son of a *itch on the planet....can't have everything I suppose...!