Tuesday, August 9, 2011

Microsoft Fixes Ring of Death

[The vulnerability marked "CVE-2011-1871" brought back memories for Storms.

"This looks like the 'Ping of Death' from the early-to-mid 1990s," said Storms. "Then, when a specially-crafted ping request was sent to a host, it caused the Windows PC to blue screen, and then reboot."

Two decades ago, the Ping of Death was used to bring down Windows PCs remotely, often as a way to show the instability of the operating system. "People would say, 'You're stupid to put your machines on the Internet,'" said Storms.

"My suspicion is that if this catches fire and someone writes a small attack tool and releases it, you could see [Windows PCs] blue screened at your local coffee shop," Storms said, talking about the possibility of crashing machines on a free Wi-Fi network.

Storms said it appeared that today's "Ping of Death" bug was a different vulnerability than the one Microsoft patched in its now-ancient OSes of the 1990s.

The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003.]
