Forum Moderators: open
eWeek article [eweek.com]
Microsoft Uncovers Critical Windows Security HoleFebruary 10, 2004
Microsoft on Tuesday warned of a serious security vulnerability in all of the current versions of Windows that not only allows an attacker to run code on vulnerable machines, but also enables him to install software and change and delete data.
Microsoft Security Bulletin MS04-007 [microsoft.com]
I don't see any mention of Windows 9x in MS's list of affected systems. They say that "other versions either no longer include security update support or may not be affected."
@ CNN.com [cnn.com]
Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the flaw, criticized Microsoft for taking more than six months to come up with a patch to fix the problem, particularly since the flaw allows an attacker multiple ways to break into a system and could do almost anything they wanted to the system.
Well it doesn't surprise me anymore, unfortunately.
The affected software is:
Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP, Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
