Old Bug Up To New Tricks

SC Magazine reported this week that researchers in Malta have discovered a decade-old vulnerability, present in all versions of Windows since 2000. The bug can cause PCs to crash instantaneously and without warning, and can also pull the compromised machine into a distributed denial-of-service (DDoS) attack. According to Paul Gafa, CTO of 2X Software, the exploit is only dangerous if the user is duped into running an app containing the malicious code.


The bug was discovered while Gafa was writing a software testing app:

“You can be the least privileged user on the system and still crash it,” Gafa said. “I believe it is very easy for Microsoft to sort it out. They just need to validate arguments passed to Windows APIs.” (source: SC Magazine)

Microsoft is currently aware of the defect and responded with this insight:

“Our initial assessment of the report is that malicious code would have to already be running or a user would have to be able to run a specially crafted application to cause the system to crash. In either case, the system has already been compromised or the user has rights to logon to the system.”

I’m curious to hear if anyone has other stories of old bugs causing new problems or vulnerabilities?

One Response to “Old Bug Up To New Tricks”

  1. Santhosh Shivanand Tuppad said:

    @Jennifer,
    I have seen many DDoS attacks while I was on IRC (Internet Relay Chat). I have been DDoS’ed several times as well *smiles*. But it was a good experience getting DDoS’ed (loved the way I got flooded with so many messages at a time).

    DDoS on a Windows machine used to end up in a BSOD (Blue Screen of Death). But I have never seen a BSOD in the past few months because I haven’t seen DDoS attacks hehe *smiles*.

    It would be good to see if Microsoft has some DDoS handling feature implemented in their OS *smiles*.

    Thanks,
    Santhosh Shivanand Tuppad
