Tech Support Guy banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Super Moderator
Joined
·
37,796 Posts
Discussion Starter · #1 ·
Hiya

Sticking this one for a week as well here, as its in Security anyone, in case others miss it :)

An attacker who successfully exploited this information disclosure vulnerability could remotely read the session variables for users who have open connections to a malicious telnet server.

Affected Software:

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
• Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows Services for UNIX 3.5 when running on Windows 2000
• Microsoft Windows Services for UNIX 3.0 when running on Windows 2000
• Microsoft Windows Services for UNIX 2.2 when running on Windows 2000



http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

Regards

eddie
 

·
Registered
Joined
·
21,398 Posts
Even with this MS update, consider that the Telnet protocol is known to be unsecure, but it is advisable to go ahead and install this update anyway to close the Telnet vulnerability cited by Microsoft.

The better alternative is to use a secure shell, SSH protocol, for example PuTTY is one such client for Win32 - don't know if there is a PuTTY for Win64 though. PuTTY has remote file copying support.

SSH is a much more secure protocol to use than Telnet protocol.

-- Tom
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top