Re: [Fwd: Re: Windows fuzz]

[Andreas Hasenack <andreas () conectiva com br>]

http://www.eweek.com/article2/0,3959,5264,00.asp

It could be this the MS exec was talking about in the above URL:

During his second day on the stand, Allchin conceded that Microsoft has already
identified at least one protocol and two APIs that it plans to withhold from
public disclosure under the security carve-out.

The protocol, which is part of Message Queuing, contains a coding mistake that
would threaten the security of enterprise systems using it if it were
disclosed, Allchin said.

Em Sat, Jul 06, 2002 at 08:04:56PM -0700, Blue Boar escreveu:
> > > I am writing an academic paper on such vulnerabilities in event-driven
> > > systems and I am sending it tomorrow to a conference for review. :)
> > >
> > > In event-driven systems it is common to be able to send events
> > > (=messages) from unprivileged users to priviliged users (guest ->
> > > Administrator). In Windows 2000, an unpriviliged process (example:

(...)