Sunday, July 17, 2005

Security bug in fully patched Windows XP SP2

After last week's roundup of security advisories (and some patches) for MSWindows and other MS products (MSWord, MSIE, etc), a new and potentially dangerous security bug has been reported, although there is no patch for it as of yet.
This bug affects users turning on the Remote Desktop feature in Windows XP, and allows the remote execution of code (that is, someone whom you haven't authorised to access your computer might, from another computer, get into yours and execute code on it with malicious intentions).

What is the remote desktop function? It's a feature that allows you to control your computer while you are not at it, for example from work or while you are travelling. (If you have ever seen those ubiquitous "PCAnywhere" ads, you probably have an idea of what I'm talking about.) Ideally, such a feature should only allow the computer owner (and his workgroup) to access the computer in question. Well, thanks to this bug, an ill-intentioned anonymous person might access your computer and cause a DoS attack from a remote location (remote location = from another computer).

The bug affects Windows XP users even when their Windows firewall is turned on, SP2 is installed and the system is fully patched.
Microsoft recommends that users of its products enable their firewall, install antivirus software and download Microsoft's security fixes; however, none of these actions seems to prevent this particular remote exploit (in other words: their recommendation is useless in this case).

Microsoft has reported they are working on a patch that could be available in August. *points at date today... ahem*
Secunia advises: "Restrict incoming traffic to affected systems to reduce the risk."
Michelle (not half as reputable a source as secunia.com, although perhaps a lot more radical in this case) advises turning off the service.

Oh, well. I'm warning you about this because I know many of you -in spite of my shameless propaganda for GNU/Linux- are using MSWindows. I am not. ^_^
