Förderverein Informationstechnik und Gesellschaft
Microsoft Sits on Security Flaw for Six Months
Posted by michael on Tuesday February 10, @04:13PM from the you've-already-been-hacked dept.
pmf writes "Yet another critical vulnerability affecting Windows 2000/XP/2003 has been just announced by eEye. It is worthy to note, that it took Microsoft over 6 months to fix it. The bug affects ASN.1 library and is remotely exploitable through authentication subsystems (Kerberos, NTLMv2) and applications that make use of SSL certificates." The AP has an overview.