Windows hole from 8 years ago... still there

Slashdot has a post up discussing how a security vulnerability which was first discovered 8 years ago... still exists in Windows Server 2003 and Windows XP.

The issue is one similar to many in Windows where an open port is sent data which then causes the machine to react in a way that it should not. The machine is sent data which causes it to crash - "freeze up" in this case, which is actually worse than rebooting since presumably a reboot would allow services back online once they came back up.

The "fix" for this, aside from actually not having the problem in the OS at all, is to make sure your firewall is up and working. You do have a firewall right? I believe even the built in firewall for Windows should work in this case (just make sure it doesn't get turned off by the many software products out there which do just that).

Posted by Eric at March 7, 2005 02:42 PM | TrackBack