パッチを逆用。Windows 2000の脆弱性実証コードが公開
MicrosoftのWindows 2000に見つかった脆弱性の実証コードがオンラインに掲載され、何百万人ものユーザーがPC乗っ取りの危険にさらされている。
要領を得ない記事であるな.
しばらく注目しよう.
追記
原文の解読を試みるExploit code for a known security flaw in Microsoft (Quote, Chart) Windows 2000 has been posted online, putting millions of users at risk of a PC hijack.Less than a week after Microsoft released a fix for an "important" privilege elevation vulnerability in the Windows 2000 Utility Manager feature, hackers have reverse-engineered the patch and released the code that could lead to an exploit.
Microsoft confirmed that the vulnerability could allow a logged-on user to misuse the Utility Manager to start an application with system privileges and take control of the system.
"An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges," the company warned.
A patch for the MS04-019 vulnerability is available now.
この英文は,英文からして意味がわかりにくいのだが,MS04-019が当たっていないWindows 2000 Utility Managerに対する攻撃コードがonlineにpostされたという理解でいいのかな?つまりMS04-019が当たっていれば大丈夫と.
