Windows exploit code raises threat alert

by admin November 18, 2005 at 4:22 am

And there ain’t no patch on it…

Exploit code has been published that could take advantage of flaws in Windows XP SP1 and Windows 2000 SP4, according to a warning issued on Thursday by Microsoft.

Although the exploit code could be used to launch a denial of service attack in machines running XP SP1 and Windows 2000 with all service pack versions, the threat is only moderately severe, said Stephen Manzuik, a product manager at security research company eEye Digital Security.

Manzuik said: “On a scale of 10, it would be about a four or five on severity. All it will do is crash some machines and not crash others.”

The exploit code could allow an attacker to launch a remote denial-of-service attack on Windows 2000 machines using all service pack versions but would require a user authentication on Windows XP SP1 computers, he added.

Full story: silicon.com