* Microsoft offers patch for critical buffer overflow vulnerability

Microsoft released its “first Tuesday” patch bundle last week, and one of the included patches could be the most critical in a long time. It affects every Windows operating system beginning with Windows NT 4 right up through Windows Server 2003. The patch corrects a problem that would allow a malicious person to take control of a computer remotely.

The nature of the problem is our old friend, the buffer overflow. In this instance, it’s a buffer in the “ASN.1” library. This library supports the international Abstract Syntax Notation standard, and is used by most applications running in a Windows environment as a way of interpreting binary data.

The ASN.1 information site (https://asn1.elibel.tm.fr/en/index.htm but don’t worry, it’s in English) explains the standard as: “…a formal language for abstractly describing messages to be exchanged among an extensive range of applications involving the Internet, intelligent network, cellular phones, ground-to-air communications, e-commerce, secure electronic services, interactive television, intelligent transportation systems, VoIP and others. Due to its streamlined encoding rules, ASN.1 is also reliable and ideal for wireless broadband and other resource-constrained environments. Its extensibility facilitates communications between newer and older versions of applications. In a world of change, ASN.1 is core technology, constantly adapting to new technologies.”

That covers most of what you do on your computer, so you can understand the critical nature of the patch – just about everyone using a Windows-based computer is vulnerable. According to Microsoft’s security bulletin (https://www.microsoft.com/technet/security/bulletin/MS04-007.asp): “An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system.
The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.” This is a particularly nasty security hole. You need to patch every computer on your network just as soon as possible.

It will be interesting to see if Bill Gates mentions this “little” problem when he addresses the RSA Security show (https://2004.rsaconference.com/) next Tuesday morning. It is, after all, the world’s largest gathering of security professionals.
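
The article does not describe the internals of the flaw, so the following is an added, generic illustration of the bug class it names and not Microsoft's code: a decoder for ASN.1 tag-length-value data that refuses any declared length larger than the bytes actually present before it copies anything. The function names `tlv_read` and `copy_octet_string` and the sample byte strings are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct {
    uint8_t tag;           /* identifier octet (single-byte tags only) */
    const uint8_t *value;  /* first content octet, inside the input */
    size_t len;            /* content length, already checked against input */
} tlv_t;

/* Read one tag-length header; -1 if malformed or the length overruns the input. */
int tlv_read(const uint8_t *buf, size_t buflen, tlv_t *out)
{
    size_t pos = 0, len = 0;
    if (buflen < 2) return -1;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f) return -1;        /* multi-byte tag: not handled */
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                                 /* short form */
    } else {
        size_t n = first & 0x7f;                     /* count of length octets */
        if (n == 0 || n > sizeof(size_t)) return -1; /* indefinite or too wide */
        if (n > buflen - pos) return -1;             /* length octets truncated */
        while (n--) len = (len << 8) | buf[pos++];
    }
    /* Compare with the bytes that remain; "pos + len" could wrap around. */
    if (len > buflen - pos) return -1;
    out->value = buf + pos;
    out->len = len;
    return 0;
}

/* Copy an OCTET STRING (tag 0x04) into dst. Returns bytes copied, or -1. */
long copy_octet_string(const uint8_t *buf, size_t buflen, uint8_t *dst, size_t dstlen)
{
    tlv_t t;
    if (tlv_read(buf, buflen, &t) != 0 || t.tag != 0x04) return -1;
    if (t.len > dstlen) return -1;                   /* destination too small */
    memcpy(dst, t.value, t.len);
    return (long)t.len;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ok[]    = {0x04, 0x03, 'a', 'b', 'c'};
static const uint8_t lying[] = {0x04, 0x82, 0x01, 0x00, 'a', 'b', 'c'}; /* claims 256 */
static const uint8_t huge[]  = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 'a'};
static uint8_t dst[8];
int main(void) { return copy_octet_string(ok, sizeof ok, dst, sizeof dst) == 3 ? 0 : 1; }
```

A decoder that trusted the length field in `lying` or `huge` and copied that many bytes would read or write past its buffers; here both are rejected before `memcpy` runs.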