[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Alert - O/S level bug



PureBytes Links

Trading Reference Links

Windows NT 4.0, 2000 and XP

It seems that Microsoft software developers gave no thought to how vulnerable their software can be to hackers when data sent to any number of modules is longer than what the developers intended. This phenomenon is called "buffer overflow" and is creating a field day for hackers.

Here is yet another security issue arising from buffer overflow ....

The system file MUP.SYS responds to oversized file requests by writing beyond the input buffer and into O/S kernel memory.  Random input strings may likely crash the computer. However, a skilled hacker could craft a trojan that, when run, would feed MUP.SYS with data that could overwrite O/S code and run with system level privileges. And that malicious code could do anything. 

WHAT TO DO:

Download a patch from ...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-017.asp

               --- URL IS ALL ON ONE LINE ---


Regards,
Mark Jurik