Advertisment

MS urges for responsible disclosure of vulnerabilities

author-image
CIOL Bureau
Updated On
New Update

NEW DELHI: A security researcher while investigating the vulnerability addressed by Security Bulletin MS05-047, has brought to light a vulnerability in MS Windows 2000 Service Pack 4 and in MS Windows XP Service Pack 1, which can allow an attacker to perform a denial of service attack of limited duration.

Advertisment

According to the Microsoft Security Advisory for Windows XP Service Pack 1, an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. Customers who have installed Windows XP Service Pack 2, and those running Windows Server 2003 and Windows Server 2003 Service Pack 1 remain unaffected by this vulnerability.

Microsoft has expressed concern over the way this critical information was handled and has said that it was not 'disclosed responsibly'. However, the software maker is actively monitoring this situation to keep customers informed and to provide necessary guidance. It has urged security researchers to inform of such vulnerabilities directly to the vendor who can in turn take necessary corrective measures to safeguard its customers.

Microsoft has urged the customers to follow the Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software.



tech-news