Research: Hackers releases GDI-bug attack in Chinese Windows 2000 version

Security researchers on Monday spotted malicious code that triggers a critical vulnerability in the Chinese version of Windows 2000, and warned users of other editions to expect attacks. Symantec Corp. confirmed that the proof-of-concept code publicly posted to the milw0rm.com site earlier in the day successfully attacks Chinese editions of Windows 2000 Service Pack 4 […]

Security researchers on Monday spotted malicious code that triggers a critical vulnerability in the Chinese version of Windows 2000, and warned users of other editions to expect attacks.

Symantec Corp. confirmed that the proof-of-concept code publicly posted to the milw0rm.com site earlier in the day successfully attacks Chinese editions of Windows 2000 Service Pack 4 (SP4) by exploiting one of the two critical bugs in Windows GDI, or graphics device interface, that Microsoft Corp. patched last week.

But while the attack code works on Chinese versions of Windows, it doesn't when pitched against other editions. Rather than allow hackers to execute additional code -- malware to hijack the PC, for instance -- the exploit simply crashes Explorer, the Windows file manager, on non-Chinese versions of the OS.

Full Article

Symantec, Research, Researcher, Windows 2000, Windows Server 2000, SP4, GDI, Windows GDI, Bug, Exploit, Vulnerability, Chinese Edition