Microsoft Finally Fixes 8 Year-Old Security Flaw
Last week, Microsoft patched a security flaw that affects Windows XP, 2000, and Vista, as well as Server 2003 and 2008. The flaw, called an SMB relay attack, would allow a hacker to use the Windows file and print sharing feature to take control of a computer or network of computers.
According to Metasploit, an open source security software company, the flaw has been known since 2001. Security firm Symantec traces the public disclosure of the flaw back even further to 2000. Let's do the math here: Microsoft has taken somewhere between seven and eight years to plug a security hole that can be executed with publicly available software and an e-mail. It's no wonder Windows has developed a reputation as being terribly insecure.
The attack can be thwarted with a firewall, but if a hacker can gain access to the network, there is little to stop them from stealing authentication data that would allow them to control any PC that has file or print-sharing enabled.
If Microsoft truly wants to reassert its dominance in the computer world with the upcoming Windows 7, it may want to start plugging these holes long before their age hits the double digits. [From: PC World]