MS04-011, which includes 14 new vulnerabilities, affects every version of Windows to one degree or another, and if exploited, could allow attackers remote access to a PC. The most serious of the bugs affect Windows NT, 2000, XP, and Server 2003.
Among the 14 vulnerabilities are 8 which could allow attackers to run their own code by exploiting such weaknesses as in the Windows log-on process and the Negotiate Security Software Provider (SSP) interface used during authentication. The most severe of the dozen-plus-two vulnerabilities -- six of the bugs are rated "Critical" -- could allow an attacker to take complete control of an system, including installing programs, deleting data, or creating new user accounts that have full access privileges.
Also in MS04-011's mega-collection of Windows bugs is one that involves SSL (Secure Socket Layer), the security protocol often used to transmit such confidential information as credit card numbers and other financial data. If any SSL-enabled services are present, and both the PCT 1.0 and SSL 2.0 protocols enabled, a remote attacker could exploit the buffer overflow vulnerability to run code of his own choosing on a vulnerable Windows server. These protocols are turned on by default in Windows NT 4.0 and Windows 2000.
"The severity of this vulnerability is compounded by the fact that SSL is most often used to secure communications involving confidential or valuable financial information, and that Firewalls and packet filtering alone will not be able to stop attacks," said Internet Security Systems' X-Force in a statement. ISS' X-Force was the group which originally brought this vulnerability to Microsoft's attention.
"X-Force believes that hackers will aggressively target this vulnerability given the high-value nature of Web sites protected by SSL."
Bob Friday, Chief AI Officer for Juniper Networks, explains how the advanced technology is transforming operations.
Contact center leaders from 8x8, Awaken Intelligence, and 360insight discuss the importance of agent experience.
AI may force enterprises to rewire parts of their data centers so they are fully optimized to run such workloads. The question is do you use Ethernet or InfiniBand?
