ALL Windows versions open to serious attack by “old” bug

The Register has picked up news of yet another Microsoft Windows bug. The really scary thing about this one however is that it was originally recognised, and seemingly fixed, in 1999! According to the article this bug is apparently still real, and affects ALL versions of Windows. Including their very recent, and supposedly re-written from scratch, Vista line.

Microsoft bug squashers are investigating reports of a serious security vulnerability in Windows operating systems that could allow attackers to take control of vast numbers of machines, particularly those located off US shores.

Microsoft appears to have released a patch for the vulnerability in 1999. But the patch only protected domain names ending in .com, so WPAD servers using all other addresses have remained vulnerable.

That’s all right then. Although not if you are on a .co.uk or even perhaps a .gov.uk (oh no… NOT http://www.hmrc.gov.uk/ . Surely they wouldn’t be using Windows would they?) or any of the other TLDs out there that aren’t .com.

It makes me very glad to be Redmond Free

I originally read about this story on Matt Assay’s blog.

Tags: , ,

Leave a Reply

XHTML: You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>