Articles:
Microsoft Discloses
Windows 2000 Bug - April 23th,
2005
By David Utter - Staff Writer
Private security firms GreyMagic
and Secunia develop proof of
concept
code, and Microsoft acknowledges
the bug does exist.
Stephen Toulouse, an executive
at Redmond-based technology power
Microsoft, confirmed a flaw exists
in Windows Shell.
Victims who would download a
malicious file, and then select
it in
Windows Explorer, could trigger
the exploit.
" Our initial investigation has
found that significant user
interaction would be required
for an attacker to exploit this
vulnerability," wrote Microsoft
program manager Stephen Toulouse
on the blog. "We're looking
into reports of proof of concept
code
that has been made public that
could seek to exploit this reported
vulnerability. On that note,
we're not currently aware of
any
customer impact as a result or
an attack that seeks to exploit
this vulnerability."
Mr. Toulouse recommended that
users block SMB (Server Message
Block)
traffic at the firewall. If enterprises
do that, "Windows 2000
customers connected to the Internet
would be at reduced risk from
an attack," he added.