Patch now: Design flaw in Windows security allows hackers to own corporate laptops, PCs
By Iain Thomson, 10th February 2015 20:38
Nine fixes to install, three critical and one super bad
channelregister.co.uk
Another month, another Patch Tuesday, but this release has a special sting in the tail: a flaw in the fundamental design of Windows that's taken a year to correct, and is unfixable on Server 2003.
The critical blunder allows miscreants to completely take over a domain-configured Windows system if it is connected to a malicious network – wirelessly or wired. Most home users shouldn't be hit by this, as they are not usually domain-configured, but it's a massive pain in the ASCII for IT pros because work computers are typically set up to join a corporate-controlled domain.
Plug a corporate laptop, say, into a dodgy network in a cafe, and it's game over. According to Microsoft:
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This remote-code execution flaw affects all supported versions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
more at the link