I do agree with Tim's article. People got scared with "SYSTEM COMPRIMISE", "root level" and other stuff written down in an advisorie. But, in fact, this vulnerability won't cause too much problem.

I don't really belive that a massive worm will be released for this vulnerability. First of all, this vulnerability has born old, with Windows Windows 98 and ME being listed in the affected systems row.

As far as I can see everybody had time to discover this bug and build up (or, at least, figure out) an exploit, and I don't know the existance of any exploit yet (even "in the wild").

The only reason to justify the panic created with this vulnerability would be "SYSTEM COMPROMISE" and remote "root level" access in the hand of scriptie kiddies. And, in accordance with the last paragraph, scriptie kidddies had enough time to find out an exploit and they've failed. Now Microsoft released the patches and whether someone release a patch this patch will be probably less effective.





[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/50/9677#9677