"These flaws can be detected and exploited remotely, and have the potential to cause serious damage if not immediately remediated," said executives at eEye Digital Security, the firm which uncovered the problem in July, 2003. "Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to an attack."
At Microsoft's request, eEye held off disclosure of the vulnerability until a patch was created, tested, and released.
One of the other two bulletins, also rated "critical," relates to Internet Explorer, which has been patched several times in recent weeks. The patch corrects three newly announced vulnerabilities: flaws in the browser's security model, in its URL parsing (which can be abused to display "spoofed" addresses, so that links to malicious Web sites appear to point at legitimate URLs), and in its drag-and-drop operations.
Internet Explorer versions 5.01 and later are affected, said Microsoft, and users should immediately apply the patch.
The third bulletin, ranked as "important," Microsoft's second-highest severity rating, applies to Windows NT, Windows 2000, and Windows Server 2003, and stems from a problem in how Windows' Internet Naming Service (WINS) validates data packets. Hackers could exploit this bug to bring down a WINS server.