Microsoft still certifying leaky drivers

Thanks fdiaz2dayfor sending this in

Months after promising to tighten up its procedures for certifying third-party software drivers, Microsoft is still giving the green light to network interface card (NIC) drivers that leak sensitive user information from machines running Windows Server 2003, according to a prominent security company.

The allegations were made in an alert posted Monday by Next Generation Security Software (NGSSoftware) of Sutton, England.

Microsoft was unable to respond in time for this report.

At least two NIC drivers that shipped with Windows Server 2003 contain a security hole that leaks information stored on a system in Ethernet "frames" or streams of data sent over a network, according to the alert.

The alert identified the vulnerability in drivers for the VIA Technologies Rhine II ethernet controller and the Advanced Micro Devices (AMD) PCNet family of drivers, according to Chris Paget, the NGSSoftware researcher who wrote the alert.

News source: Infoworld.com

Report a problem with article
Next Article

Atari announces Dragon Ball Z: Taiketsu

Previous Article

Updated: Microsoft Crushing Small Businesses?