Researcher Says Windows XP SP2 Has DoS Bug
The flaw in Microsoft Windows XP Service Pack 2 will permit a denial-of-service attack against systems that are up-to-date, patched, and have the Windows Firewall set in the default configuration.
Microsoft Windows XP SP2 has a bug in its kernel that could let attackers bring down the machine with a denial-of-service (DoS) attack, vulnerability tracker Secunia said Friday. "Microsoft is currently investigating public reports of a possible vulnerability in Windows," a spokesman said Friday afternoon. "We have not been made aware of attacks that try to use the reported vulnerability, or of [any[ customer impact." The flaw, called "Moderately critical" by Secunia and first reported by a site called Security-Protocols.com, reportedly can be exploited against up-to-date and patched XP SP2 systems that have Windows firewall set in the default configuration. The researcher who posted the original alert on Security Protocols, who goes by "badpack3t," claimed that he had notified Microsoft on May 4, and that Microsoft had informed him it would release a patch for the issue in its August 9 security round-up. badpack3t has posted a screenshot showing an alleged error screen resulting from the vulnerability. Microsoft would not confirm that it plans to patch the vulnerability next month, but the spokesperson said that it only affects PCs that have Remote Desktop Service enabled. Remote Desktop, a remote control application tucked into XP, is disabled by default. As is its norm, the Redmond, Wash.-based developer also criticized the researcher for publicizing the vulnerability before a patch was ready, "putting users at risk," said the spokesperson. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," she added.
Reproduced from an article published by Information Week
© Information Week
The original article can be viewed here:
http://informationweek.com/story/showArticle.jhtml?articleID=165702842
Permalink Bookmark Digg this story
