Old Windows kernel bug comes back to bite
,----[ Quote ]
| On October 22, 2004, Argentine hacker Cesar Cerrudo approached
| Microsoft with the discovery of a Windows Kernel GDI local
| privilege escalation vulnerability. At the time, Cerrudo said
| Redmond's security response team deemed it a "design problem" and
| filed it away as something "to be fixed in a future service pack."
|
| Late last year, during LMH's month of kernel bugs project, details on this
| bug again surfaced with debugger information a note that it remains
| unpatched after more than two years.
|
| Now comes word from Immunity Inc.'s Dave Aitel that his research team has
| written a reliable exploit that gives an attacker local root access on
| Windows 2000 and Windows XP systems.
`----
http://blogs.zdnet.com/security/?p=123
Should Microsoft downgrade Vista vulnerabilities?
,----[ Quote ]
| The man who wrote the book on Microsoft's highly rated SDL
| (Security Development Lifecycle) believes buffer-related
| security vulnerabilities found in Windows Vista should be
| downgraded because of back-up mitigations built into the
| operating system.
`----
http://blogs.zdnet.com/security/?p=121
|
|