Windows Open to Attack Through Large Hole

TechWeb: Microsoft late Wednesday warned Windows users that proof-of-concept code was in circulation that could be remotely and anonymously exploited on Windows 2000 machines. Windows XP SP1 is somewhat less vulnerable, said Microsoft.

The security advisory gave out few details of the vulnerability, only saying that it was a flaw in the RPC (Remote Procedure Call) component, and could result in a denial-of-service attack that would crash affected computers.

“On Windows XP Service Pack 1, an attacker must have valid logon credentials to try to exploit this vulnerability,” Microsoft said in the advisory. Windows 2000, however, can be attacked remotely. That aged operating system has been victimized by several vulnerabilities which have singled it out for attack since mid-year, including August’s Zotob campaign.

Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1 are immune to attack.