Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Claims made of a major vulnerability in the Microsoft Windows operating system have been refuted.
Jan Fry, head of PCI at ProCheckUp Labs, claimed that the findings by 2X Software were a "little sensationalist".
Yesterday, 2X Software said that with a simple piece of code, an operating system from Windows 7/Server 2008 versions to Windows 2000/Server 2003 could be crashed with malicious applications installed.
But Fry refuted this, saying that the claims indicate that code needs to be run for the vulnerability to be exploited, so an attacker cannot just send some malicious traffic to a Microsoft server and crash it.
Fry said: "First scenario, someone is emailed a malicious application. They run it once and their machine crashes. This person is particularly stupid, so after rebooting, they run the executable again and once again the machine crashes. By now, even a potato would see the correlation and would stop running the executable.
"Second scenario, the malicious code is running as ActiveX on a malicious website. Once they visit the site, assuming they have ActiveX enabled, their machine gets restarted. I suppose this could be a legitimate threat but I hardly see it affecting 'tens of millions of devices'. The exploit is still very circumstantial.
Similar DoS exploits have been found on every flavour of browser. These have raised some concern but they are only really a genuine threat when they cause an exploitable overflow, which could, for example, be used to install a Trojan. There is no indication in the article that they have developed an exploitable overflow, so, at this stage, I don't see the threat."
Fry concluded by claiming that someone could probably write a batch file that simultaneously opens 100 Internet Explorer instances and cause an equally 'devastating' denial-of-service attack.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.