Microsoft came clean on the random number bug for XP.
It’s in there.
From ComputerWorld:
As recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way, saying only that later versions of Windows “contain various changes and enhancements to the random number generator.” Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable to the complex attack that Pinkas, Gutterman and Dorrendorf laid out in their paper, which was published earlier this month.
Windows Vista, Windows Server 2003 and the not-yet-released Windows Server 2008, however, apparently use a modified or different random number generator; Microsoft said they were immune to the attack strategy.
In addition, Microsoft said Windows XP Service Pack 3 (SP3), a major update expected sometime in the first half of 2008, includes fixes that address the random number generator problem.
So is Vista immune? I realize that Microsoft claims that it is but, last week they said XP was immune to it. Are we going to see another stealthy patch roll out? Ah yes, SP3. Right.
[tags]Random Number Bug, Windows XP Random Number Bug, Random Number Generator Bug[/tags]