M$ admits to Media Center hole

Filed under
Microsoft

Microsoft is developing a patch for a newly discovered security flaw in versions of Windows XP which poses a particular threat to computers running XP Media Center edition.

The flaw is in Windows Remote Desktop Services (RDS) and could allow a hacker to cause a computer to crash repeatedly by sending specially crafted data packets.

"Our investigation has determined that this is limited to a denial of service attack, so an attacker could not use this vulnerability to take complete control of a system," said Microsoft in a security advisory.

The user who discovered the vulnerability, security researcher Tom Ferris (aka 'badpack3t'), claims that he alerted Microsoft to the problem in May. The company told him that a patch would be released on 9 August as part of the usual monthly cycle.

"I have been working with Microsoft to get a patch out for this," said Ferris. "Microsoft told me the patch was going to be released in August. We know it's only a DoS [denial of service attack], which is kind of boring, so this is why we decided to report it to Microsoft."

Full Story.