bigc73542
February 10th, 2004, 07:31 PM
Link to story: http://www.techweb.com/wire/story/TWB20040210S0016
-{ Quote: "Microsoft Warns Of Major Flaw In Windows
February 10, 2004 (4:24 p.m. EST)
By Gregg Keizer, TechWeb News
Microsoft on Tuesday afternoon alerted users of a trio of new security vulnerabilities in Windows and Internet Explorer, one of which was characterized by its discoverer as even more dangerous than the flaws that spawned some of the biggest worms of all time, Nimda and Code Red.
While the Redmond, Wash.-based developer tagged two of the three vulnerabilities as “critical” -- its highest warning rank -- one is of special concern.
The vulnerability relates to Microsoft Windows Abstract Syntax Notation (ASN), a language used to define the syntax of data messages shared between applications and computers. Any flaw in Windows' implementation of ASN is by definition critical, since the ASN library is widely used by the operating system's security subsystems, including Kerberos and NTLM authentication, as well as by applications that use digital certificates, including SSL, digitally-signed e-mail, and the ActiveX controls utilized by Microsoft's Internet Explorer browser.
.
.
." }-
-{ Quote: "Microsoft Warns Of Major Flaw In Windows
February 10, 2004 (4:24 p.m. EST)
By Gregg Keizer, TechWeb News
Microsoft on Tuesday afternoon alerted users of a trio of new security vulnerabilities in Windows and Internet Explorer, one of which was characterized by its discoverer as even more dangerous than the flaws that spawned some of the biggest worms of all time, Nimda and Code Red.
While the Redmond, Wash.-based developer tagged two of the three vulnerabilities as “critical” -- its highest warning rank -- one is of special concern.
The vulnerability relates to Microsoft Windows Abstract Syntax Notation (ASN), a language used to define the syntax of data messages shared between applications and computers. Any flaw in Windows' implementation of ASN is by definition critical, since the ASN library is widely used by the operating system's security subsystems, including Kerberos and NTLM authentication, as well as by applications that use digital certificates, including SSL, digitally-signed e-mail, and the ActiveX controls utilized by Microsoft's Internet Explorer browser.
.
.
." }-