Tuesday, June 22, 2021

Beware That Windows Error Message

Microsoft on Thursday warned of a buffer overrun
vulnerability in the way the Windows kernel passes error messages to a
debugger and issued a security patch to plug the holes on Windows NT 4.0,
Windows 2000 and Windows XP systems.

The vulnerability alert included a warning that
an intruder could use the flaw to elevate privileges and a recommendation
that sysadmins running susceptible systems install the patch
immediately.

The vulnerability carries an ‘important’ rating, Microsoft’s second
highest on a four-level scale introduced late last year.

The software giant said the vulnerability exists because an attacker
could write a program to exploit this flaw and run code of his or her choice. “An
attacker could exploit this vulnerability to take any action on the system
including deleting data, adding accounts with administrative access, or
reconfiguring the system,” it cautioned.

For an attack to succeed, an intruder would need to be able to logon
interactively to the system, either at the console or through a terminal
session. A successful attack would also require the introduction of code in
order to exploit this vulnerability.

“Because best practices recommends
restricting the ability to logon interactively on servers, this issue most
directly affects client systems and terminal servers,” Microsoft added.

“Standard best practices recommend only allowing trusted administrators
to log onto such systems interactively; without such privileges, an attacker
could not exploit the vulnerability,” the company said.

Similar articles

Latest Articles

3 AI Implementations That...

I was on a joint educational call for the World Talent Economic Economic forum on mobile computing this week. We drifted to topics that...

Survey of Site Reliability...

NEW YORK — Site reliability engineers (SREs) are warning of a looming scalability ceiling and saying the adoption of AIOps isn’t happening at a...

Druva Integrates sfApex to...

SUNNYVALE, Calif. — A maker of software for cloud data protection and management is helping companies safeguard essential customer data that their sales and...

Best Data Science Tools...

Data science has transformed our world. The ability to extract insights from enormous sets of structured and unstructured data has revolutionized numerous fields —...