Moore
04-14-2004, 02:49 PM
hi i noticed this today , hope this is ok to post here if not do what you will , if its been mentioned already im sorry , but it doesnt sound very good. :eek:
----------------------------------------------------------------
eEye Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows
Six new vulnerabilities related to Microsoft Windows were announced today.
http://www.eeye.com/html/Press/PR20040413.html
The discoveries include critical flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.
Of the six newly discovered, four are extremely critical since they allow for the remote execution of code on unpatched machines.
Systems Affected
Affected systems include all current versions of Microsoft Windows and Windows Server 2003.
Potential Impact
These vulnerabilities could potentially allow an attacker to take complete control of an affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.
April 13, 2004 - eEye® Digital Security Discovers Six New Security Flaws in Microsoft Windows®
eEye’s Retina® Network Security Scanner can Detect and Remediate the Latest Vulnerabilities that Could Allow for the Execution of Malicious Code Similar to the MS Blaster Worm
ALISO VIEJO, Calif. – April 13, 2004 – eEye® Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®. The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered two of the most critical vulnerabilities as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye’s discovery.
"Companies should address these particular vulnerabilities without delay since they can be exploited remotely," said Firas Raouf, chief operating officer, eEye Digital Security. “Because of the increasing sophistication of hackers to exploit vulnerabilities such as this one, the window of opportunity to address them is quickly shrinking. Where organizations once had weeks or even months to patch these security threats, they now have a precious few days, or even hours, before network vulnerabilities can be exploited. As a result, enterprises of all sizes should take immediate steps to implement programs that allow them to identify and remediate vulnerabilities as soon as they are discovered.”
----------------------------------------------------------------
eEye Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows
Six new vulnerabilities related to Microsoft Windows were announced today.
http://www.eeye.com/html/Press/PR20040413.html
The discoveries include critical flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.
Of the six newly discovered, four are extremely critical since they allow for the remote execution of code on unpatched machines.
Systems Affected
Affected systems include all current versions of Microsoft Windows and Windows Server 2003.
Potential Impact
These vulnerabilities could potentially allow an attacker to take complete control of an affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.
April 13, 2004 - eEye® Digital Security Discovers Six New Security Flaws in Microsoft Windows®
eEye’s Retina® Network Security Scanner can Detect and Remediate the Latest Vulnerabilities that Could Allow for the Execution of Malicious Code Similar to the MS Blaster Worm
ALISO VIEJO, Calif. – April 13, 2004 – eEye® Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®. The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered two of the most critical vulnerabilities as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye’s discovery.
"Companies should address these particular vulnerabilities without delay since they can be exploited remotely," said Firas Raouf, chief operating officer, eEye Digital Security. “Because of the increasing sophistication of hackers to exploit vulnerabilities such as this one, the window of opportunity to address them is quickly shrinking. Where organizations once had weeks or even months to patch these security threats, they now have a precious few days, or even hours, before network vulnerabilities can be exploited. As a result, enterprises of all sizes should take immediate steps to implement programs that allow them to identify and remediate vulnerabilities as soon as they are discovered.”