1. Hiatus
2. RIP, Satoru Iwata
3. Let there be Robot Battles
4. Regarding pixel art!
5. 16-bit Star Wars
6. Goodbye, Spock.
7. James Randi Retires
8. More Star Wars on GOG
9. gives you DOS Games
10. Ralph Baer, RIP.
1. Quickie: Impressions June 2014
2. Quickie: Penny Arcade Episode 3
3. Quickie: The Amazing Spider-Man
4. Quickie: Transformers: Fall of Cybertron
5. Quickie: Prototype 2
6. Quickie: Microsoft Kinect
7. Quickie: X-Men Destiny
8. Spider-Man: Edge of Time
9. Quickie: Transformers Dark of the Moon
10. Quickie: Borderlands GOTY
1. Musings 45: Penny Arcade and The Gripping Hand
2. Movie Review: Pacific Rim
3. Movie Review: Wreck-It Ralph
4. Glide Wrapper Repository
5. Movie Review: Winnie The Pooh
6. Musings 44: PC Gaming? Maybe it's on Life Support
7. Video Games Live 2009
8. Movie Review: District 9
9. Musings: Stardock, DRM, and Gamers' Rights
10. Musings: How DRM Hurts PC Gaming
Main Menu

X-bit labs
The Tech Zone
Twin Galaxies


 Log in Problems?
 New User? Sign Up!

 Feb 02, 2005 - 11:00 AM - by Michael
* MS claims flaw not a flaw

Printer-friendly page Print this story   Email this to a friend
PC Games/Hardware/Microsoft
MS is now claiming that the recently released SP2 flaw isn't actually a flaw.

Now all we need is to hear "it's really an undocumented feature."

In an e-mail message to CNET, Microsoft representatives said the company would continue to modify the technology and would evaluate ways to mitigate the reported method of bypass.

Those "security technologies in Windows XP Service Pack 2 are meant to help make it more difficult for an attacker to run malicious software on the computer as the result of a buffer-overrun vulnerability," the representatives said in the statement. "Our early analysis indicates that this attempt to bypass these features is not security vulnerability."

Positive said that attack programs that use the exploit to get around Windows XP Service Pack 2 protections work reliably, allowing intruders to introduce malicious code onto machines using a second vulnerability that would otherwise not work on Service Pack 2 because of the protection mechanisms.


However, at least one industry expert said that Positive's report of the threat may not be completely fair to Microsoft. Peter Lindstrom, a research director at Spire Security, observed that the Data Execution Protection vulnerability is unlikely to be seized upon by hackers. It relates more to core security issues with the design of many different kinds of software, not just tools made by Microsoft, he said.


Home :: Share Your Story
Site contents copyright Glide Underground.
Want to syndicate our news? Hook in to our RSS Feed.