A Progress Report on Windows' ASN.1 VulnerabilityBy Larry Seltzer | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
It's too soon to tell if Windows users have dodged a bullet from Microsoft's recently-disclosed and most egregious vulnerability: ASN.1. The current assessment looks as if things could be worse.On February 10, Microsoft disclosed a dangerous vulnerability in all modern versions of Windows, along with a patch to fix it. Nine days may not seem like a long time, but every day that goes by without a real exploit is great news.
At the same time, there is an exploit out in the wild that performs a distributed denial-of-service by crashing the attacked system. DDoS attacks are a bad thing, of course, but they aren't as much of a worry from a mass-attack standpoint. Authors can't make a worm out of a DDoS attack because if the system crashes, there's scant opportunity to trick the owner into spreading the worm.