 |
 |
| ActiveWin | Anonymous | Create a User | Reviews | News | Forums | Advertise | VBA in Excel | Users Online: 0 |
|
|
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
Active Network |
|
ActiveMac |
|
ActiveWin |
|
ActiveXbox |
|
DirectX |
|
Downloads |
|
FAQs |
|
Interviews |
|
MS Games & Hardware |
|
Reviews |
|
Rocky Bytes |
|
Support Center |
|
TopTechTips |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows Vista |
|
Windows XP |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
Apple/Mac |
|
Xbox/Xbox 360 |
|
News Search |
|
XML/RSS Newsfeeds |
|
Pocket PC Site |
|
|
|
|
|
|
|
FAQ's |
|
Windows Vista |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows XP |
|
Windows 7 |
|
Windows 8 |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox 360 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
Latest Reviews |
|
Xbox/Games |
|
Fable 2 |
|
|
|
Applications |
|
Windows Server 2008 R2 |
|
Windows 7 |
|
Adobe CS5 Master Collection |
|
|
|
Hardware |
|
Microsoft Express Mouse |
|
|
|
|
|
|
|
Latest Interviews |
|
Mike Swanson |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Advertise |
|
Affiliates |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
 |
Exploit code for Microsoft vulnerability circulating | |
|
||
| Time: 14:16 EST/19:16 GMT | News Source: E-Mail | Posted By: Byron Hinson | ||
|
Security researchers say code designed to exploit a recently announced critical vulnerability in Microsoft operating systems now is widespread on the Internet. The code crashes targeted computers by exploiting a flaw in Microsoft’s Abstract Syntax Notation 1 Library in Windows NT, 2000 and XP. The exploit code was discovered Saturday, four days after the vulnerability and a patch to correct it was announced by Microsoft. |
||
|
Read Only Comments Return to News |
Displaying Comments 1 through 3 of 3 |
This is an archived static copy of ActiveWin.com. |
| #1 By 2332 (65.221.182.2) at Tuesday, February 17, 2004 02:31:17 AM |
|
#5 - I do. It won't crash your Linux box. It will crash apache child processes if you're using 0.9.6j (just tried it on such a box), but it won't crash Apache itself, much less your whole box. Why is it that this exploit can crash Windows? Is it because IIS does its SSL processing in kernel mode?
No, IIS does not process SSL in kernel mode. Only IIS 6 has any kernel mode listeners, and in that case it's only "http.sys", which is a caching facility. The exploit didn't crash your Linux box probably because you got lucky. A buffer overrun by its very nature can crash an entire system depending on where in memory that particular stack is loaded. If it happens to be physically close to an important region of memory, it could crash your entire OS. Now, the OS does have the ability to protect certain memory areas, but in many cases it can't protect them all. While it can protect the system from a crash when a certain process does something that causes itself to crash (null pointer exceptions, some kinds of buffer overruns, stack overflows, etc), it can't always stop a process from overwriting protected memory areas through the use of large (or unfourtunately placed) overruns. That's where managed code comes in. (Java, .NET, etc.) |
| #2 By 3 (62.252.0.4) at Tuesday, February 17, 2004 02:10:00 PM |
| Let's cut out the insults going round all over the site, if you don't agree with people's views then fine, you are entitled to comment, but don't lambaste people just for the sake of trying to get reactions, it's pathetic all round. |
| #3 By 3 (62.252.0.4) at Tuesday, February 17, 2004 06:05:53 PM |
| I don't believe faker was the insult I was referring too, if you have a problem take it up with the staff by e-mail, I can't check all the comments otherwise far more of them would be removed. |
