Windows 2000 Serious Flaw Found

Windows 2000, even though it’s been around even longer than XP, isn’t being ignored by the security community. Or possible hackers. A critical flaw has been found that would open the way for worms written to use the exploitable hole.

The hole is so bad that there’s no possible workaround. The hole was discovered by security company eEye. Given the unavoidable nature of the flaw, the company has refused to release exact details of the details of the problem. This is a refreshing departure from the usual Web expose that we’ve come to expect.

According to Dawn Kawamoto of CNET News:

The vulnerability in Microsoft’s operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted.

What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.

“You can’t turn this (vulnerable) component off,” Maiffret said. “It’s always on. You can’t disable it. You can’t uninstall.”

[Continue reading Worm hole found in Windows 2000]