One-year-old (unpatched) Windows 'token kidnapping' under attack | TalkBack on ZDNet

On TV.com: No LOST Promos? No Problem.

BNET Business Network:: BNET; TechRepublic; ZDNet

TalkBack 1 of 74:: Next »

Thread View
Flat View

MS should patch this but you do your readers a disservice by not mentioning: MS should patch this but you do your readers a disservice by not mentioning that this requires IIS to be installed on the machine. Since the default install of Windows does not install IIS, nor are 99.9% of desktop users likely to install IIS, this is not something that desktop users have to worry about.

Bad MS for not patching it but bad ZDNet for not specifying that this doesn't affect desktop users.; Posted by: NonZealot Posted on: 03/16/09 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

MS should patch this but you do your readers a disservice by not mentioning NonZealot | 03/16/09

Yes but.. xXSpeedzXx | 03/16/09

The problem appears to be limited to those sites... ye | 03/16/09

Or weakness in the custom .NET code. 914four | 03/17/09

To MS IIS is everything. tomam | 03/19/09

Yup 914four | 03/19/09

Remote Desktop uses IIS, doesn't it? ThePrairiePrankster | 03/19/09

not at least on Vista and above. rtk | 03/19/09

Right. More like... Richard Flude | 03/16/09

Bzzt, try again!! NonZealot | 03/16/09

Spin, spin, spin frgough | 03/16/09

Uh oh, quote time!! NonZealot | 03/16/09

You left off Richard Flude | 03/16/09

Yawn, you are getting boring NonZealot | 03/16/09

Bizarre Richard Flude | 03/16/09

"100% of Window machines get PWNED" NOT! jacarter3 | 03/17/09

Guess you didn't read about the last OS X botnet NonZealot | 03/17/09

Again rather fast and loose with the details there NonZ James Quinn | 03/17/09

@NZ: No - not at all - using your argument... jacarter3 | 03/17/09

@jacarter: Fair enough, your bolding worked NonZealot | 03/17/09

So, Richard.. MGP2 | 03/17/09

Flude Blog? brian ansorge | 03/20/09

Well Apple does suck jacarter3 | 03/17/09

Well said! 914four | 03/17/09

But I thought market share.... storm14k | 03/16/09

IIS has a tiny marketshare? NonZealot | 03/16/09

Sure? Richard Flude | 03/16/09

Common sense which seems uncommon in Apple folk NonZealot | 03/16/09

Bizarre II Richard Flude | 03/16/09

Yawn II NonZealot | 03/17/09

Well - Automated versus Attacks requiring human interaction rickb@... | 03/17/09

Holy Testicle Tuesday, Batman! jacarter3 | 03/17/09

Haha, nice title! NonZealot | 03/17/09

@jacarter3 & NonZealot - (sniff, sniff) MGP2 | 03/17/09

RE:Holy Testicle Tuesday, Batman! richdave | 03/18/09

do you even know how to code? pcguy777 | 03/18/09

Uh, about attacking servers manually... 914four | 03/17/09

In my experience... JCitizen | 03/21/09

Bad NonZ for being accurate to a point...:P James Quinn | 03/17/09

Still apologizing for Microsoft. Bruizer | 03/17/09

Wait, you mean the headline should have said it only effects IIS? readwryt@... | 03/18/09

Thanks... sykandtyed | 03/18/09

Not sure what Microsoft's problem is. ye | 03/16/09

Especially privilege escalation flaws NonZealot | 03/16/09

Their thought process is probably xXSpeedzXx | 03/16/09

Spaghetti code frgough | 03/16/09

You've seen Windows code? NonZealot | 03/16/09

Yeah Richard Flude | 03/16/09

He pretty much just ignores reality. [nt] olePigeon | 03/17/09

50 Million lines of code ryumaou@... | 03/17/09

You certainly love to Apple bash, don't ya? nix_hed | 03/18/09

BAD! honeymonster | 03/16/09

Code needs a Proof of Concept--- BALTHOR | 03/16/09

^----- uh...yeah... I'm with stupid -----^ TG2 | 03/17/09

On that note... rickb@... | 03/17/09

Question sboverie@... | 03/17/09

No, you read it right. 914four | 03/17/09

Thanks sboverie@... | 03/17/09

It's an Open Source attitude. 914four | 03/17/09

Why is Steve Ballmer still CEO? Randalllind | 03/17/09

I think perhaps... 914four | 03/17/09

NO! sysop-dr | 03/17/09

Bah. 914four | 03/17/09

LOL! - what about the price of tin foil? ...NT... joe.smetona@... | 03/17/09

Ha! And I'd be out of business!... JCitizen | 03/21/09

I wonder if this exploit is why I'm suddenly getting nonsense spam lately. D. W. Bierbaum | 03/18/09

There's no need for a tinfoil hat ... JonathonDoe | 03/18/09

RE: One-year-old (unpatched) Windows 'token kidnapping' under attack linuxiac38@... | 03/18/09

As the files were not validated.. why? magallanes | 03/18/09

RE: One-year-old (unpatched) Windows 'token kidnapping' under attack vilppuu@... | 03/18/09

How many staff? ksarkies@... | 03/19/09

Any researcher releasing public POC code.. sframberger@... | 03/20/09

Might work in a world where Microsoft Lerianis | 03/20/09

WHO CARES... jimiznhb | 03/20/09

Next »

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now
Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More