Thanks fdiaz2dayfor sending this in
Months after promising to tighten up its procedures for certifying third-party software drivers, Microsoft is still giving the green light to network interface card (NIC) drivers that leak sensitive user information from machines running Windows Server 2003, according to a prominent security company.
The allegations were made in an alert posted Monday by Next Generation Security Software (NGSSoftware) of Sutton, England.
Microsoft was unable to respond in time for this report.
At least two NIC drivers that shipped with Windows Server 2003 contain a security hole that leaks information stored on a system in Ethernet "frames" or streams of data sent over a network, according to the alert.
The alert identified the vulnerability in drivers for the VIA Technologies Rhine II ethernet controller and the Advanced Micro Devices (AMD) PCNet family of drivers, according to Chris Paget, the NGSSoftware researcher who wrote the alert.