Microsoft confirm that MS05-039 can affect Windows XP SP1 without authentication
Microsoft have confirmed that it is possible to exploit the MS05–039 Plug and Play vulnerability on Windows XP SP1 hosts that have not applied the patch with out authentication under specific circumstances.
The scenario only impacts computers that have not been upgraded to Windows XP SP2, are not part of a domain, are not protected by a firewall, have not applied the MS05-039 patch, and have enabled "Simple File and Print Sharing" in a home environment or in a workgroup. Under these conditions, the "Guest" account on the computer would then be available to remote users. As a result is possible to access the system without proper authentication and exploit the Plug and Play vulnerability.Just to reiterate, this scenario, does not affect Windows XP SP2 users or Windows XP SP1 users that are part of a domain and any user that has installed the patch.Currently Microsoft are claiming that none of the current exploits for the MS05–039 vulnerability exploit this scenario however it only a matter of time. Our advice to you is patch the vulnerability as soon as possible, and don’t forget to reboot your machine afterwards.
source:virus.org
0 Comments:
Post a Comment
<< Home