Microsoft Finds Time In Its Hectic Schedule To Fix A Six Month Old Vulnerability

Itis been quite a while since weive heard our friends in Redmond warn us of a critical flaw in any of its software (over a week, in fact!), so itis about time. According to an article at ZDNet, Microsoft has issued a patch for Windows NT, Windows 2000, Windows XP, and Windows Server 2003 that fixes a major flaw in the operating systemsi networking system. The flaw was reported to Microsoft over six months ago, according to eEye, a security solutions provider, and the folks there are none too happy about it. From ZDNet:

On Tuesday, the software giant released a fix for a networking flaw that affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. If left unpatched, the security hole could allow a worm to spread quickly throughout the Internet, causing an incident similar to the MSBlast attack last summer.


The latest flaw exists in Microsoftis implementation of a basic networking protocol known as Abstract Syntax Notation One, or ASN.1. The code is shared by many Windows applications, and if left unpatched, it causes each program that uses the code to be an entry point into the operating system for an attacker.


eEyeis Maiffret was critical of Microsoft for taking so long to issue the patch. "Two hundred days to fix this," Maiffret said. "It is obviously ridiculous."

Microsoftis Toulouse said the fix took so long to create because of the difficulties posed by such a pervasive technology.

You can read the full article at ZDNetis Web site.