Vulnerability Development mailing list archives
Re: [Fwd: Re: Windows fuzz]
From: Andreas Hasenack <andreas () conectiva com br>
Date: Fri, 12 Jul 2002 14:18:25 -0300
http://www.eweek.com/article2/0,3959,5264,00.asp It could be this the MS exec was talking about in the above URL: During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out. The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said. Em Sat, Jul 06, 2002 at 08:04:56PM -0700, Blue Boar escreveu:
I am writing an academic paper on such vulnerabilities in event-driven systems and I am sending it tomorrow to a conference for review. :) In event-driven systems it is common to be able to send events (=messages) from unprivileged users to priviliged users (guest -> Administrator). In Windows 2000, an unpriviliged process (example:
(...)
Current thread:
- [Fwd: Re: Windows fuzz] Blue Boar (Jul 06)
- Windows fuzz - Following on. Brett Moore (Jul 09)
- Re: [Fwd: Re: Windows fuzz] Andreas Hasenack (Jul 12)