posted on Apr, 13 2004 @ 10:02 PM
The software security firm eEye® Digital Security has announced the existence of six new vulnerabilities in Microsoft Windows operating systems. The
announcement coincides with the release of software patches to fix the vulnerabilities. These security flaws could allow an attacker to gain complete
control over an unpatched system. The timing is an important development because the period of time between the confirmation of a vulnerability and the
appearance of code (usually in the form of a virus, worm, or script) to exploit it has decreased to a matter of days versus the weeks once required.
The eEye article also states that two of the six flaws were discovered 200 days prior to the release of patches. Although not implicitly stated
in this announcement, eEye generally makes the vendors of a vulnerable software package aware well before the public announcement. Users of MS Windows should
apply these patches immediately. They are available for manual download or via the built-in “Windows Update” feature.
eEye® Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities
related to Microsoft (NASDAQ: MSFT) Windows®. The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security
Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security
flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered two of the most critical vulnerabilities
as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye’s discovery.
MS Announcement MS04-011
MS Announcement MS04-012