Microsoft recently released a patch for problems with ASN.1 in its Windows operating systems. The patch took roughly half a year for Microsoft to test and release, which was probably due to the seriousness and wide-ranging affects of the problem – e.g. the company wanted to make sure the patch was stable.
The ASN.1 problem was discovered by researchers at eEye Digital Security, and it's not the only problem they've discovered that will be patched by Microsoft. At least seven more security patches on the horizon for Windows platforms.
According to eEye's research Web, the company has discovered and reported to Microsoft seven other high and medium level security problems. The most recent problem was reported February 9, 2004 and the earliest was reported September 10, 2003.
According to eEye the problems include four exploits that could allow local or remote intruders to gain access to a Windows operating system under the context of the System account; one exploit that would allow denial of service attacks that could cause a system to completely fail; and two exploits that can allow arbitrary code to execute. In an effort to protect the public at large eEye made no precise details of these problems available other than the general descriptions summarized above.
As is usually the case, Microsoft has made no comments regarding when patches for these particular problems might become available, however we can safely assume that the company is working on solutions.
Register
Xing February 12, 2004