Hackers have created exploits against a long-standing, unpatched Windows "token kidnapping" vulnerability. The appearance of attacks follows a year after security researchers Cesar Cerrudo informed Microsoft of the problem in March 2008. Microsoft acknowledged the potential issue in April and published workarounds in an advisory …
There's only one thing to say at a time like this...
I thought it was "Ouch! That's gonna leave a mark!"
Of course, with MS, it will be difficult to distinguish it from all the OTHER marks...
I Say It's Past The Time When The World Drop M$
It is closed-source software. Only M$ can fix what they made. They won't fix it in a timely fashion and there are too many vulnerabilities altogether. Depending on M$ to provide software for the world's computers is foolish.
It is time to go with FLOSS. At least with FLOSS we can fix anything that goes wrong and because the software is better designed there are fewer vulnerabilities.
"Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
For Pity's sake. They cannot get the basics right and then bury stuff ten levels deep in a GUI. It's a house of cards. Get out from under it before it falls on you.
- +Comment Trips to Mars may be OFF: The SUN has changed in a way we've NEVER SEEN
- Vid Google opens Inbox – email for those too stupid to use email
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- RUMPY PUMPY: Bone says humans BONED Neanderthals 50,000 years B.C.
- Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?