Network Computing is part of the Informa Tech Division of Informa PLC

First Exploit Of Windows Vista Spotted: Page 2 of 3

"Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings," Reavy wrote on the center's blog early Friday.

Windows 2000 SP4, Windows XP SP1 and SP2, Windows Server 2003 SP1, and Windows Vista are at risk, Reavy added.

The Russian researcher who first reported the bug to Microsoft on Dec. 16, however, observed that the vulnerability may be more dangerous than suggested by the "Less critical" rating that Danish bug tracker Secunia assigned. "There is potential remote exploitation vector if some service uses user-supplied input for MessageBox() function," wrote "ZARAZA U 3APA3A" on the Full Disclosure security mailing list.

Reavy downplayed the Vista-is-vulnerable angle. "While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date," he said. Microsoft has touted Vista, which was released to corporations late last month and will debut Jan. 30 in consumer PCs, as significantly more secure than earlier versions of Windows.

Reavy also recommended users turn on a firewall, apply all Microsoft security updates, and install and/or update antivirus and anti-spyware software to protect their PCs.