while the san jose paper notes it's a microsoft problem, computerworld notes that it's probably more than just a potential inconvenience:
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,83619,00.html?nas=PM-83619 Concerns mount over possible big Net attack A flaw that affects almost all versions of the Windows operating system could be exploited By Paul Roberts, IDG News Service JULY 31, 2003 Security experts warn that a recently disclosed security vulnerability in Microsoft Corp.'s Windows operating system may soon be used by a powerful Internet worm that could disrupt traffic on the Internet and affect millions of machines worldwide. The vulnerability, a buffer overrun in a Windows interface that handles the remote procedure call (RPC) protocol, was acknowledged by Microsoft in Security Bulletin MS03-026 on July 16. Today, the U.S. Department of Homeland Security updated an earlier warning about the RPC vulnerability, noting increased network scanning and the widespread distribution of working exploits on the Internet. The vulnerability affects almost all versions of Windows and could enable remote attackers to place and run malicious code on affected machines, giving them total control over the systems, Microsoft said. No user interaction would be required for machines to be compromised, prompting security experts to liken the RPC vulnerability to the buffer-overflow vulnerability in Microsoft's Internet Information Server (IIS) that was exploited by the Code Red worm in July 2001. "I would compare [the RPC vulnerability] to Code Red. It doesn't require user interaction, and the number of infectable machines is on same order of magnitude," said Johannes Ullrich, chief technology officer at the Bethesda, Md.-based SANS Institute's Internet Storm Center. . . . -- dep Feelings of worthlessness are often brought on by worthlessness. _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
