Cerca nel blog

2005/04/21

Microsoft, dopo due mesi c’è ancora una falla critica aperta in Win2000

Microsoft takes over two months to plug nasty little hole: "GREYMAGIC SECURITY has released details of a critical hole in versions of Windows Explorer that was discovered back in January.

The company says it told the Vole about the hole back at the beginning of February but the software monopolist stiil hasn't done anything about it.

The advisory, here, details how an attacker may execute any command as the logged-on user simply by having the user select a file. Executing the file is not required for exploitation, all it takes is selecting an innocent-looking file - maybe to delete it. The exploit applies to certain versions of Windows 2000."