while the san jose paper notes it's a microsoft problem, computerworld 
notes that it's probably more than just a potential inconvenience:

http://www.computerworld.com/securitytopics/security/holes/story/0,10801,83619,00.html?nas=PM-83619

Concerns mount over possible big Net attack
 
A flaw that affects almost all versions of the Windows operating system 
could be exploited 

 By Paul Roberts, IDG News Service
 JULY 31, 2003

Security experts warn that a recently disclosed security vulnerability 
in Microsoft Corp.'s Windows operating system may soon be used by a 
powerful Internet worm that could disrupt traffic on the Internet and 
affect millions of machines worldwide. 

The vulnerability, a buffer overrun in a Windows interface that handles 
the remote procedure call (RPC) protocol, was acknowledged by Microsoft 
in Security Bulletin MS03-026 on July 16. Today, the U.S. Department of 
Homeland Security updated an earlier warning about the RPC 
vulnerability, noting increased network scanning and the widespread 
distribution of working exploits on the Internet. 

The vulnerability affects almost all versions of Windows and could 
enable remote attackers to place and run malicious code on affected 
machines, giving them total control over the systems, Microsoft said. 

No user interaction would be required for machines to be compromised, 
prompting security experts to liken the RPC vulnerability to the 
buffer-overflow vulnerability in Microsoft's Internet Information 
Server (IIS) that was exploited by the Code Red worm in July 2001. "I 
would compare [the RPC vulnerability] to Code Red. It doesn't require 
user interaction, and the number of infectable machines is on same 
order of magnitude," said Johannes Ullrich, chief technology officer at 
the Bethesda, Md.-based SANS Institute's Internet Storm Center. . . .
-- 
dep

Feelings of worthlessness are often brought on by worthlessness.
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users

Reply via email to