"Serious Windows flaw" could put "vast numbers" of computers at risk

Microsoft is at it again, this time with a flaw in Windows that could put tens of hundreds of millions of computers at risk.

Windows is hyper-secure. Just ask Microsoft .

But if you ask people outside Redmond, like Beau Butler, who demonstrated a massive hole in Microsoft's Windows security last week, things aren't so rosy, as The Register reports.

Microsoft knows about the flaw and spent the Thanksgiving holiday trying to fix the error, as reported in The Sydney Morning Herald:

The flaw is an old one, first exposed and apparently fixed more than five years ago. But it appears Microsoft's fix was only partially effective. [GASP!]

The problem affects all versions of Windows, including the company's most recent release, Vista software ["rewritten from the ground up"]. However, it does not affect every Windows computer....It depends on how it is configured.

Apparently, Microsoft fixed the problem in 1999 (for those who applied the patch) for domain names ending in ".com," but left everything else exposed. So maybe many US domains are fine, but for everyone else:

By exploiting the design flaw a lone miscreant could take control of vast numbers of home or office PCs around the world in a single attack. They could read data, steal passwords and monitor internet use or use them to distribute spam or viruses.

How comforting. It's great to know that Microsoft controls the security for most of the world's computers.

With that said, let's be clear: no one company or project is going to be perfect on security. The problem with Microsoft is that so much depends on it getting this right. That's too much to ask of any one company, which is why a community approach (with someone(s) ultimately taking buck-stops-here responsibility) to security is better for users than relying on any one company.

Tags:
Tech Culture
About the author

    Matt Asay is chief operating officer at Canonical, the company behind the Ubuntu Linux operating system. Prior to Canonical, Matt was general manager of the Americas division and vice president of business development at Alfresco, an open-source applications company. Matt brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. He is a member of the CNET Blog Network and is not an employee of CNET. You can follow Matt on Twitter @mjasay.

     

    ARTICLE DISCUSSION

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    CNET's giving away a 3D printer

    Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.