New Windows 2000 security loophole found

The operating system Microsoft wants to kill is still around. Windows 2000, whose first beta was out back in September 1997, is still powers a non-negligible number of Windows computers in businesses, currently the third most used OS, ahead of Apple Mac OS X.

Although Windows 2000 support including security updates will be terminated on July 13, 2010, a recent report by Forrester Research showed that nearly one in every ten companies are still using Windows 2000 within their companies with nearly a third having no plans to move to Windows Vista.

A team of Israeli security experts from the Department of Computer Science at the University of Haifa have found out yet another serious vulnerability in Windows 2000 operating system, one which affects the Random Number Generator.

The team leader, Dr. Benny Pinkas says that hackers can readily exploit this loophole in order to get their hands on sensitive information such as emails, passwords and credit card details.

The Security Response Communications Director at Microsoft, Mark Miller said that Microsoft did not find any security issues with CryptGenRandom.

More worryingly, the researchers says that Windows XP and Windows Vista might also be at risk as they use similar random number generators.