Arashtamere writes " Microsoft admitted late Tuesday that the recently discovered encryption flaw that Israeli researchers discovered in Windows 2000 exists in XP, its most popular product.
According to the report "as recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way, saying only that later versions of Windows "contain various changes and enhancements to the random number generator." Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable to the complex attack that Pinkas, Gutterman and Dorrendorf (the Israeli researchers) laid out in their paper, which was published earlier this month.
Apparently Microsoft and Pinkas have argued over whether the flaw was a security vulnerability, with the former denying the bug met the definition and the latter claiming it is a serious problem that — while it needs to piggyback on another, more common kind of exploit — is far from just a theoretical threat. Tuesday, even as it conceded that XP also had a weak PRNG, Microsoft continued to downplay the possibility of an attack. "If an attacker has already compromised a victim machine, a theoretical attack could occur on Windows XP," a company spokeswoman said in an e-mail. To exploit the PRNG's flaws, an attacker must have administrative rights to the PC, something that's easily obtained by most run-of-the-mill attacks, Pinkas noted."" Link to Original Source
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Microsoft admits XP has same bug as Windows 2000 0 Comments More Login /
Get More Comments