The latest kernel bug posted by the Month of Kernel Bugs is interesting not because of the bug itself, but because it was reported to Microsoft over two years ago and is still unpatched. 

The following versions of Windows are vulnerable to this flaw:

• Microsoft Windows 2000
• Microsoft Windows 2000 Service Pack 1
• Microsoft Windows 2000 Service Pack 2
• Microsoft Windows 2000 Service Pack 3
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP
• Microsoft Windows XP Service Pack 1
• Microsoft Windows XP Service Pack 2

Oddly enough, it's patched on Windows Vista.

The proof of concept code released currently only crashes the system but the of the code believes that this could be leveraged to escalate privileges and run malicious code.

Microsoft definitely gets a "could do much better" for having not patched this in two years.

(via Security Fix)

This entry was posted on Monday, November 6th, 2006 at 17:36 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.