Microsoft Corp is attempting to plug a glaring hole in some versions of its Windows software, a weakness similar to those exploited by the devastating "Blaster" and "Sasser" attacks, a security expert said.
The patch, included in the company's monthly security bulletin, fixes a hole that could allow hackers to take complete control of computer systems, Microsoft said.
The problem is most serious on Windows 2000 systems, which could be accessed remotely through the operating system's "Plug and Play" hardware detection feature.
Windows Server 2003 and Windows XP systems with major security updates are less vulnerable, but still could be affected by certain remote users or those within local systems, the company said.
Marc Maiffret, chief hacking officer for eEye Digital Security, said on Tuesday that the hole resembled weaknesses that allowed the "Blaster" and "Sasser" worms to infect hundreds of thousands of computers worldwide.
"This is the type of vulnerability that's been exploited many times, and those two worms are the biggest examples because they had the biggest impact," Maiffret said.
Microsoft rated the patch "critical," its most serious designation, for Windows 2000. Two other upgrades in this month's bulletin also received the critical rating.
The flaw's less-serious effect on Windows XP systems suggests the company may have tried to address the problem, but left users with older software mostly unprotected, Maiffret said.
"This bug has existed in code that's over four years old," he said. "It can't be the first time that somebody finally looked at it."
Improved security can be expected on newer software, but Microsoft said a wider hole in Windows 2000 doesn't signal any effort to avoid fixing problems with the older software.
‘UPHOLDING PEACE’: Taiwan’s foreign minister thanked the US Congress for using a ‘creative and effective way’ to deter Chinese military aggression toward the nation The US House of Representatives on Monday passed the Taiwan Conflict Deterrence Act, aimed at deterring Chinese aggression toward Taiwan by threatening to publish information about Chinese Communist Party (CCP) officials’ “illicit” financial assets if Beijing were to attack. The act would also “restrict financial services for certain immediate family of such officials,” the text of the legislation says. The bill was introduced in January last year by US representatives French Hill and Brad Sherman. After remarks from several members, it passed unanimously. “If China chooses to attack the free people of Taiwan, [the bill] requires the Treasury secretary to publish the illicit
A senior US military official yesterday warned his Chinese counterpart against Beijing’s “dangerous” moves in the South China Sea during the first talks of their kind between the commanders. Washington and Beijing remain at odds on issues from trade to the status of Taiwan and China’s increasingly assertive approach in disputed maritime regions, but they have sought to re-establish regular military-to-military talks in a bid to prevent flashpoint disputes from spinning out of control. Samuel Paparo, commander of the US Indo-Pacific Command, and Wu Yanan (吳亞男), head of the People’s Liberation Army (PLA) Southern Theater Command, talked via videoconference. Paparo “underscored the importance
CHINA POLICY: At the seventh US-EU Dialogue on China, the two sides issued strong support for Taiwan and condemned China’s actions in the South China Sea The US and EU issued a joint statement on Wednesday supporting Taiwan’s international participation, notably omitting the “one China” policy in a departure from previous similar statements, following high-level talks on China and the Indo-Pacific region. The statement also urged China to show restraint in the Taiwan Strait. US Deputy Secretary of State Kurt Campbell and European External Action Service Secretary-General Stefano Sannino cochaired the seventh US-EU Dialogue on China and the sixth US-EU Indo-Pacific Consultations from Monday to Tuesday. Since the Indo-Pacific consultations were launched in 2021, references to the “one China” policy have appeared in every statement apart from the
NO HUMAN ERROR: After the incident, the Coast Guard Administration said it would obtain uncrewed aerial vehicles and vessels to boost its detection capacity Authorities would improve border control to prevent unlawful entry into Taiwan’s waters and safeguard national security, the Mainland Affairs Council (MAC) said yesterday after a Chinese man reached the nation’s coast on an inflatable boat, saying he “defected to freedom.” The man was found on a rubber boat when he was about to set foot on Taiwan at the estuary of Houkeng River (後坑溪) near Taiping Borough (太平) in New Taipei City’s Linkou District (林口), authorities said. The Coast Guard Administration’s (CGA) northern branch said it received a report at 6:30am yesterday morning from the New Taipei City Fire Department about a