Microsoft Bug May Attract Big Worm

daveq writes "Several sources report that a serious new Microsoft vulnerability has been found. Experts expect it to be exploited heavily."

For the lazy......

[dirkdidit]

WASHINGTON -- Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.

Microsoft assessed the problem's urgency as critical, its highest level, and urged customers to download a free repairing patch immediately from its Web site, www.microsoft.com/security.

The company said it was unaware of any reports that hackers already had used the technique to break into computers, but the time between disclosure of a new flaw and such break-ins has become increasingly short.

Russ Cooper, a security expert for TruSecure Corp., based in Herndon, Va., predicted that antivirus software will be updated to protect users who might receive infected e-mails and that Web sites with infected pages would be shut down quickly once they are detected.

"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."

The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message. It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.

There was some good news. Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.

Older versions of Outlook would also be safe if customers had manually applied another security patch, which Microsoft released in 2000 after the spread of the damaging "ILOVEYOU" virus.

Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.

Re:For the lazy......

[gordyf]

"It's pretty unlikely any such exploit attempt will get legs."

Worms don't have legs anyway, do they?

Re:For the lazy......

Amusing this is. It's like they pretend that Windows 95 doesn't exist anymore.

Re:For the lazy......

[Vengeful+weenie]

The worm exploits versions from "Windows 98 to its latest Windows XP editions." Perhaps it's time to go back to Win 95!!

Mmmm, nostalgia.

1: This reply written in edlin. (Nah, not really.)

Re:For the lazy......

so if i run windows98 (& i do)

but i dont have outlook xpress installed (i dont)

& i never use IE (i dont)

then, im completely safe?

Re:For the lazy......

And that's because they do not support it anymore.

In June, windows 98 will cease to exist as well

Re:For the lazy......

[nolife]

Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.

They should have add the following, "or if you are using just about any other mail reader besides ours."

I love how MS attempts to twist the story here and appears to make it look like you should only be using the most recent versions of THEIR software to be safe. They completely fail to mention that the only reason any of this is possible is bacause of their software and its integration into IE and the OS. If you were using almost ANY OTHER email program not designed by them or one that did not use their glob job interent settings you would be safe also. I use Pegasus and it is not effected by this at all.

Re:For the lazy......

[Ironfist.cmg]

Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.

This is getting so routine these days that MS should just bolierplate the warning with a spot for the date.

Re:For the lazy......

IE is still installed on Win98, so you are still potentially vulnerable. Other IE worms have attacked the preview pane in Windows Explorer or other programs that uses IE as a component.

Re:For the lazy......

So you wold rather all it be sepaerad abd shitte,,, I'm drunk.. College suks I've graduqated six months agp ands here I am as a admin on a Win/2K/XP n4etwork and boy does it suck!!!

Re:For the lazy......

[It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.]

Too bad the pc I use at home is running 95 as the OS and NSCP 4.51 as my browser and for email.

Guess that means I don't have to worry about the bug.

Oh, and in case anyone is wondering, yes, I do have a 2K machine at home but it doesn't have a modem and until I figure out which browser and email client to use, it's not getting one.

Re:For the lazy......

[yerricde]

Worms don't have legs anyway, do they?

No. And neither do Weebles.

(no bonus.)

Re:For the lazy......

Umm...separated without Micro$oft is better than integration.

In order to keep it secret...

[rasafras]

Top officials have decided to post it on Slashdot.

Re:In order to keep it secret...

[Galahad2]

Hey, it's not like there's anyone on Slashdot that would like to hurt Microsoft.

Re:In order to keep it secret...

[Skirwan]

In order to keep it secret...
Top officials have decided to post it on Slashdot.

Obviously they've noticed that nobody ever reads the article.

Re:In order to keep it secret...

[joyoflinux]

Top officials have decided to post it on Slashdot.

We will probably hear about it a few more times :)

Re:In order to keep it secret...

[metallidrone]

Who needs to read the article? If you wait long enough, it's already reproduced in a +4 or +5 comment. =)

Re:In order to keep it secret...

[Red+Pointy+Tail]

On a related news, MS launches war in Iraq to distract the public now that it is not so secret anymore.

Is this Monday?

[spanky1]

I thought Monday was the official MS patch day? As an MS admin I'm not expected to work two days a week, am I?

Re:Is this Monday?

[Sloppy]

You have to this week, because of Linux. After Microsoft's weekly publicity blitz on Monday with the IIS bug, Linux fired back with a local root exploit, thus stealing the limelight. Microsoft, which is feeling very threatened by Linux these days, could not let that stand.

The big question is whether or not The Penguin will escalate with another salvo tomorrow. If so, you will have a busy Windows-patching session before the week ends.

Ain't competition great?

Re:Is this Monday?

[mistermund]

How about the Samba exploit this week?

'Reckon we're even so far.

Re:Is this Monday?

[grub]

How about the Samba exploit this week?

Samba is not a standard part of any Linux distro that I know of. In fairness, I'm an OpenBSD fan and don't use Linux much so I can't be sure. Anyhow, suggesting that this Samba exploit reflects poorly on any open source OS is really a strawman argument.

Re:Is this Monday?

[handybundler]

Samba is not a standard part of any Linux distro that I know of.

been in in every version of RH since 6.2 that I know of.

Re:Is this Monday?

[grub]

been in in every version of RH since 6.2 that I know of.

Installed by default?! If so then that explains RedHat's nickname "RootHat"..

Re:Is this Monday?

[handybundler]

I know this is was off topic for the article, but since you are *grub* I will ask you a quick question. here goes

RH 8.0. Created grub password. Have not been prompted yet for it at any time. Downloaded 2.4.xx Athlon kernel. Will not upgrade. Failed three times. Would grub password have any thing to do with this?

thanks.

Re:Is this Monday?

[Pharmboy]

Ain't competition great?

Now that was funny!

I have both ms and linux servers, and it has been patch city all week. At least I know why. You know what they say, bad press is better than no press...

Re:Is this Monday?

[grub]

I know this is was off topic for the article, but since you are *grub* I will ask you a quick question. here goes

RH 8.0. Created grub password. Have not been prompted yet for it at any time. Downloaded 2.4.xx Athlon kernel. Will not upgrade. Failed three times. Would grub password have any thing to do with this?

Ahh yes, the grub password problem..
Well, here is what I would strongly recommend:

Format your hard drive

Install OpenBSD and their bootloader.

Realize that neither myself nor grub.net has no affiliation with the grub bootloader project.

Wallow in your own filth.

Hope this helps, if I can be of any further assistance please feel free to write me at the address linked above.

- grubby

Re:Is this Monday?

[Pharmboy]

Samba is not a standard part of any Linux distro that I know of.

Isn't Redhat a distro, Elmer?

Re:Is this Monday?

Installed by default?! If so then that explains RedHat's nickname "RootHat"..

No, you have to choose "windows connectivity" or some such thing when you install it (although it might be installed if you go with the very generic "Server Install" option), but even then it's not started by default. You have to enable it yourself.

There was a time when all daemons that you installed in RH were enabled by default, but not so for the last 2 or 3 years.

Re:Is this Monday?

tfUC* c#NS0RSH!P!!!

Re:Is this Monday?

[BenV666]

Not as far as he knows ;)

Re:Is this Monday?

[Pharmboy]

yea, if you look later on, its obvious he is a BSD snob. Saying to "format your drive and install BSD".

Anyone who thinks THIER brand of OS is the only that doesn't suck, is obviously a loser who doesn't live in the real world. I use several OS's for a good reason: use the right tool for the job. If someone ONLY uses one OS, then obviously they don't know shit about the others.

Patch

[Synithium]

Already patched, thanks in part to VNC.

Re:Patch

no one cares.

Quite funny really

[00_NOP]

This story is being given big licks because everybody with a desktop thinks MS rules the world.

Of course, MS has been getting screwed in the server market for years and so this is not quite as big as they think...plus it's a week old story!

Re:Quite funny really

[Flower]

This story isn't a week old. The postings for the advisories were issued on the 17th. The exploit has known to be out since last Wed.

Re:Quite funny really

If there were as many Linux desktops as Windows, then I imagine we would see just as many Linux exploits. Especially since there would be tons more software available for Linux (and therefore more "stuff" to possibly exploit).

Maybe a different sort of exploit, but an exploit none the less.

With that said, I'm glad I run Linux as my primary OS (I only run Windows in VMware). And I stay updated with apt-get baby!

Heh.

[Black+Parrot]

The Early Bird OS?

There seems to be some discrepency here...

[DataPath]

From an AP article:
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."

Russ Cooper is a security expert for TruSecure Corp., based in Herndon, Va.

There seems to be some disagreement on the exploitability of this.

Re:There seems to be some discrepency here...

[blakestah]

No, I think you are missing it.

The article describes a remote root exploit that affects IIS servers.

You are citing an article on a remote root exploit based on a user reading an email or visiting a web site.

Different remote root exploits. The IIS one is expected to be a pain, the email reading/website visiting one is not.

lamers

OLD NEWS

Not webdav

[ryanr]

Half the stories linked to are for the wrong vuln. I think they're supposed to be warning us about this one:

http://www.microsoft.com/security/security_bulleti ns/ms03-008.asp

Re:Not webdav

[Flower]

Which stories are you reading? So far all the headlines have been:

• Microsoft flaw leads to military hack
  
• Military Web server hacked
  
• Army dodged bullet on Win 2000 vulnerability; experts wait for wider attacks
  
• Microsoft flaw leads to military hack A dupe link in a dupe story now how about that!
  

Every one of these links refers to MS03-007 and not MS03-008.

Re:Not webdav

[ryanr]

Which stories are you reading?

The lockergnome one, which is the one from today:
http://www.lockergnome.com/update/archives/week_20 03_03_16.html

It makes reference to emails and html pages, which relate the the vuln I referred to.

BTW, it looks like details are available now:

http://lists.netsys.com/pipermail/full-disclosure/ 2003-March/004574.html

Re:Not webdav

[SomeGuyFromCA]

One is for what looks like YA Java 'sploit. Two are for the IIS/2K vuln.

Too many Microsoft vulns, editors confused. Divx ;) 5 at 11.

Re:Not webdav

[JamieF]

"The Lockergnome one" isn't specific enough. You're looking at only one of the Lockergnome MS vulnerability stories from that day. There are 3 stories about the IIS/WebDAV vuln and only 1 about the IE vuln ("Microsoft Warns Windows Users About Flaw"). Sad that there are 2 vulnerabilities reported on in one day, but...

Re:Not webdav

[JamieF]

No, it's not a Java exploit. It's a Windows Scripting exploit, meaning that even if you have Java turned off, but have Active Scripting (JScript/VBScript) enabled, you're still vulnerable. Of all things, it's a buffer overflow... in a SCRIPTING language.

http://lists.netsys.com/pipermail/full-disclosur e/ 2003-March/004574.html

what day is it again?

[GweeDo]

It is monday...time to patch my Windows Boxes... It is tuesday...time to patch my Linux boxes... It is hump day...time to patch my Windows Boxes again... Crap...what is Thursday gonna bring! And what is this gonna do to my loverly uptime!

Re:what day is it again?

[AKnightCowboy]

It is hump day...time to patch my Windows Boxes again... Crap...what is Thursday gonna bring!

Thursday, time to patch the SunRPC holes in Solaris. I WAS about to implement a central NFS server for our workstations, but Sun has so many problems with their RPC implementation resulting in root exploits I think I'll have to look for something else.

Re:what day is it again?

what is Thursday gonna bring!

Conveniently enough, GNOME BUG DAY!!!

Re:what day is it again?

Meanwhile I'm just happily chugging along with my Mac... whee!

Re:what day is it again?

[archen]

I thought Thursday was the day we discovered all the crap that broke because of the patches...

Re:what day is it again?

[Pharmboy]

I thought Thursday was the day we discovered all the crap that broke because of the patches...

Hell no, YOU are the one that installed the patch that broke the servers, fix that on your OWN time, over the weekend or at night. That will teach you.

Re:what day is it again?

And what is this gonna do to my loverly uptime!

Your uptime of 1 day? There's not too much bragging rights there =)

Re:what day is it again?

[morgajel]

thursday is
apt-get update
apt-get upgrade
day:)

Re:what day is it again?

0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Re:what day is it again?

you probably have outdated sources
mine update very frequently, comes very close to cvs ;) especially the *-dev stuff

Dupe?

[gmuslera]

They are not talking about the vulnerability discussed in this previous slashdot story?

Considering how much exploited was this particular flaw, I don't think that a lot of servers will remain unpatched, but, anyway, I still receiving so much hits from CodeRed and Nimda that I will not be surprised if such worm have a big success.

Re:Dupe?

[NineNine]

I doubt that a lot of servers are going to be effected by this, especially considering that this comes from JScript from a server or HTML email.

Re:Dupe?

NineNine, you really need to get out more. I mean, sheesh, I've seen some sad losers on Slashdot, but reading your posts... Ah well.

Not a dupe!

[spanky1]

You were just caught off guard by MS having two major patches in a single week.

Re:Not a dupe!

[meme_police]

I still haven't seen anything suggesting that this is a second exploit. It's just a dupe of the WebDAV exploit, isn't it?

Re:Not a dupe!

PLEASE RTFA!

Re:Not a dupe!

[meme_police]

I tried to RTFA. The 3 links that I read referred to the WebDAV exploit so I didn't bother with the 4th. Now looking at the 4th I see it's YAWE rather than YAIISE.

Big Worm?

[LesPaul75]

I heard he smoked a fool over 20 bucks!

Re:Big Worm?

[unicron]

Big Worm ain't gonna do a GOD-DAMNED thing! I run linux.

Re:Big Worm?

What's happening Big Perm?

I mean Big Worm......

Re:Big Worm?

Don't mess with my patches, Smokey. Messin' with my patches means messin' with my emotions.

Re:Big Worm?

for those of you who havent seen the funny that is Friday here ya go.

puff puff give.

Web security news and papers

www.cgisecurity.com
www.cgisecurity.com/lib

Re:Why Navy rules....

[geekoid]

ANd I always thought it was because of tailhook... ;)

It doesn't look good for OS X

[teamhasnoi]

Big worms are unusually fond of Apples.

You might want to cover your Macintosh with a thin layer of paraffin, or place it in a plastic bag this week; that should deter any worms.

Re:It doesn't look good for OS X

Nope. Apple's bad news of the week is the previous headline: AlGore joins Apple BOD.

Re:It doesn't look good for OS X

that's not funny..
that's an actual question at a MUG meeting ,
"How do i change the colour of iTunes? And if i cover my computer with a bag will it protect it from worms?"

Re:It doesn't look good for OS X

I wrapped mine in aluminum foil :-)

How to check if you are vulnerable

[gmuslera]

From the Microsoft security bulletin
---------------
How to Check Which Version You Have

If you are unsure whether a product you are running is affected by this issue, check the version.

To determine which version of Microsoft Windows you are running:

1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
-------------

If it say "Microsoft " and something else, you are vulnerable.

Re:How to check if you are vulnerable

[product+byproduct]

...and if it says something else, your computer has already been compromized.

Re:How to check if you are vulnerable

[mstrjon32]

Thank goodness for that utilitiy. I couldn't read the text to the left of the start menu that says "Windows 98". How would I have known which version I was running without winver?

Microsoft...always thinking ahead...

Re:How to check if you are vulnerable

This utility is useful. My Windows version is not written on the Start menu. OTOH, if you can disable this and not know what version of Windows you are running, there's a problem.

Re:How to check if you are vulnerable

[archen]

If it say "Microsoft " and something else, you are vulnerable

If you have to do all that to figure out what version of windows you're using, your computer probably already has more viruses than a biological weapons factory.

Re:babies babie baby

nope got it wrong. that was a troll. i support abortion because i hate taking care of your fucking lazy fat social liabilites.

humans will not survive as a species of we keep pumpingout unwanted babies.

i was just trying to be disgusting.

friday

Smokey, playing with my exploits is like playing with my emotions.

Not again

[old7]

Can we just have a Microsoft hack/exploit/bug page that is always there. This will spare the rest of us the repeated bombardment of notices. Old7

Can bug affect hotmail or yahoo email?

Or must you be using Outlook for email to be vulnerable to this bug? The Microsoft website is extremely vague on this matter.

Re:Can bug affect hotmail or yahoo email?

[terraformer]

The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site.

Yes, since it seems that it is actually the Windows Script engine (shared by IE, OE and the OS) that is the problem.

For more: click here.

Re:Can bug affect hotmail or yahoo email?

[johny_qst]

This affects all users who view HTML webpages with Internet Explorer or view HTML email on their windows box with an old version of Outlook or Outlook Express. If you are using another browser or email program you are still vulnerable if scripting is enabled. This is a problem with processing JScript. This is a problem for most M$ boxes. If using one please upgrade to another OS or update using windows update.

Re:Can bug affect hotmail or yahoo email?

[ryanr]

The webmail sites usually do some javascript filtering, but there have been bypasses for those filters in the past, and probably will be in the future. If you're using IE to read mail on those sites, there's always a chance this bug might bite you.

Re:Can bug affect hotmail or yahoo email?

Who thought automatically running stuff would be a good idea?!?!?!? I know I sure as hell don't want anything happening automatically when I read an e-mail.

Re:Can bug affect hotmail or yahoo email?

JWZ of Netscape fame is the guy to blame.

lets play a game

[xao+gypsie]

lets guess at how many root name servers will go down this time.....weee!!!

xao

Re:lets play a game

[gearheadsmp]

I say two.

Re:lets play a game

[42forty-two42]

I say none. They don't run:

• Windows
• Outhouse Express
• A WebDAV server
• Anything on port 80, in fact

Re:babies babie baby

You claim that you are what you eat. Seeing as you enjoy refering to someone that is mentally handicapped as "retard", I have to agree with the aforementioned statement. What you have written is offensive not only to those that read it and understand, but yourself as a person whether you understand its implications.

You know H-1B has gone too far�

...when Microsoft starts hiring Fremen.

Re:You know H-1B has gone too far�

redmond == arrakis

MPL

[houseofmore]

"Several sources report that a serious new Microsoft vulnerability has been found."

Maybe this is there version of "open source".

Xenix

[spanky1]

If it say "Microsoft " and something else, you are vulnerable.

Damn! That means my Microsoft Xenix system is vulnerable! How do I unstall this patch on Xenix? Is Xenix the same thing as XP?

Re:Xenix

You should go to jail for supporting SCO and Saddam.

Re:Xenix

[anonymous+cupboard]

Xenix was Microsoft's attemp at making Unix bug compatible with WIndows.

I remember it, it really was bad.

Re:having lots of oil might attract imperialist US

No, I'm sorry my friend, we only conquer countries that are terrorists. No wait, make that have weapons of mass descruction. F*%K. Make that countries that oppress their people.

Truth be told, not even we Americans know what the hell is going on.

Ho Hum...

[wirelessbuzzers]

Yet another buffer overflow. In Windows. Yet another opportunity to send email viruses in Outlook. Yet another opportunity for Linux geeks to make fun of "M$."

While this is important news for Windows users, I expect MS has already told them. Move along, nothing to see here.

Re:babies babie baby

You're exactly right. That's why your mother should have received a good shot to the gut while carrying you.

Re:Why Navy rules....

My Ass Rides In Navy Equipment.

This is NOT working!!!!

[the_real_tigga]

I just tried this and wanted to warn others:

YOU WON'T BE ABLE TO TELL THE VERSION FROM THIS!
Microsoft must be saying something wrong!!!

I got a window popping up, the title was "Sorry - KDesktop", and then "winver" and "Could not run the specified command!"

So it's not woring. QED.

Re:This is NOT working!!!!

you need to type this in first:
alias winver='uname -a'
then it will work

Re:This is NOT working!!!!

[CrazyDuke]

Please download this shell script. You can use the following instructions:
wget http://www.freeos.com/guides/lsst/scripts/q19
chm od 777 ./q19
link -s ./q19 winver
winver

Re:This is NOT working!!!!

So it's not woring.

It is too whoring. ;)

"The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site."

So is this a bug in IE, Outlook, the TCP/IP stack, or something else?

Re:This is NOT working!!!!

[0x0d0a]

Dollars to dimes it's IE.

Nice "reporting"

So let's see, when a root hole is discovered in Linux, "Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels."

When a (serious) MS bug is found, "Experts expect it to be exploited heavily." Never mind that a patch was released for it as well.

And you think MS is bad...

Re:Nice "reporting"

[Bilbo]

> when a root hole is discovered in Linux, ...

Does anyone know if this flaw got beyond the theoretical level - i.e., were any exploits discovered, "in the wild"?

> When a (serious) MS bug is found ...

Well, we already know one "military" server was owned by an unknown cracker, so exploits already exist out there, and they are being used.

In other words, yes it is biased reporting (what else do you expect on /.?), but there are very different levels of severity here. Bugs are everywhere, but not all bugs are created equal.

Eeep!

[miketang16]

/me retreats hurredly back to the security stronghold of his Linux system

Re:Eeep!

/me retreats hurredly back to my security stronghold... and updates Tuesday's root exploit...

WHEN WILL IT ALL END?? Oh, well... the pleasure of making Linux work far outweighs the pleasure of watching Windows... umm... not work.

Cool!

[the_real_tigga]

Experts expect it to be exploited heavily.

Celebration times come on!
With slashdot now reporting speculations on future events, we can drop shit on Microsoft even before bad things have happened!

Exploit

[LegendLength]

"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."

I like it how he doesn't go on to give any tecnical reasons why there won't be widespread exploit attempts.

Re:Exploit

[benjamindees]

Probably because he's talking about the wrong exploit.

Re:Why Navy rules....

[titzandkunt]

Hey - me too!

(Defense, software, navy, RH6.2)

Who knows, maybe we sit at adjacent desks...

If that's the case, next time, will you fill
the friggen' coffee machine up when you take
the last cup?

T&K.

Pbbbbttt

[the+eric+conspiracy]

Slashdot quality control at it's finest.

DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE

Hey guys.... how about writing a routine that chacks URLs in submitted storries vs. those already posted? Surely that would cut down on these repeats.

Re:Pbbbbttt

[nmg196]

It's not a dupe. RTFA!

Believe it or not, Microsoft has had more than one security flaw in it's operating systems (just like Linux!!). This isn't the same bug as the one mentionned yesterday. Duh!

Had you read the article, or indeed, any of the previous comments, you'd have realised that you're as dumb as someone who wants to bomb Iraq for Oil.

Nick...

Re:Pbbbbttt

[the+eric+conspiracy]

RTFA yourself. Both articles refer to the problems as a buffer overflow in IIS's WebDAV functionality.

Re:Pbbbbttt

You really are stupid Eric.

Re:babies babie baby

oh ok. My bad.

Re:babies babie baby

1. Make retarded baby.
2. Eat retarded baby.
3. Become retarded, baby!

Two separate vulnerabilities

[nweaver]

#1 is the WebDAV vulnerability, affecting IIS 5 on Win2k. This is the one used to corrupt the military web server in question, and is a very worm friendly (arbitrary remote execution) vulnerability. This is the most likely target of a worm, as it can be purely automatic (a'la slammer and Code Red), and gives full system access.

#2 is a script engine vulnerability, allowing an email message or web page to execute arbitrary code. Although good for mail worms, this is less autonomous-worm friendly: it's a good secondary way to cross a firewall, but users need to read the email to spread, making a slower worm, something in the ballpark of an auto-executing Klez: a pain but nothing catastrophic. It also runs as the user, not as sysem, making it a (somewhat) less valuable exploit when targeting Win2k/XP.

Both are serious vulnerabilities which require patching, however.

In case you are curious...

[Elwood+P+Dowd]

No, you are not crazy. These articles are all refering to the other MS issue this week: IIS's WebDAV remote buffer overflow attack.

There is, however, a new issue today. Use Windows Update. This new issue would allow operators of a malicious website to remote root your machine if you navigate to them. This applies to all (!) versions of Windows since Win98.

The worm-friendly bug is the old bug. So, technically speaking, this post is 100% dupe. It just happened to (luckily?) coincide with another MS security issue.

Re:In case you are curious...

[gmuslera]

This one is more worm friendly than the other. You know, Klez, Sircam, etc, ARE worms, and some of the most sucessful email worms are so because IE vulnerabilities (like the iframe bug). So this, that can be activated by a html mail, is the perfect opportunity for a big mail worm, and maybe easier to do than an obscure buffer overflow.

Re:In case you are curious...

[erlando]

Quoteth the parent:

This new issue would allow operators of a malicious website to remote root your machine if you navigate to them.

According to Microsoft's advisory this exploit is only able to run with user priviledges. Although on Win9x this is always "root" it really shouldn't be the case on 2000 and XP. Because you really don't use your Administrator-account to browse the web, do you?

Re:In case you are curious...

[mark-t]

It just happened to (luckily?) coincide with another MS security issue

Considering how often such issues come up, it's almost inevitable that such "coincidences" should happen semi-regularly.

Re:In case you are curious...

[jred]

You & I don't, but most people will. By default, WinXP gives the user admin rights. Not always, and I haven't looked into it enough to know why, but most of the time.

Big worm

[RenHoek]

I usually use a thumper to call Shai-Hulud.

Truth suffers from too much analysis.
Ancient Fremen Saying

Re:Big worm

BWA HaHaHaHaHa

GAWDAM--Thank you

Re:having lots of oil might attract imperialist US

We fight wars when we feel like it.

We're crazy and dangerous and nobody can stop us so suck our dicks.

America is #1!

Microsoft's lesson from Herbert

[whm]

Walk without rhythm, and you won't attract the worm.

Shai-Hulud's a-coming!

Re:Microsoft's lesson from Herbert

[Desperado]

Walk without rhythm, and you won't attract the worm.

That will be natural for me....I'm Caucasian.

Deepest Apolgies...

[RatBastard]

Surf without I.E.
it won't attrack the worm

Surf without I.E.
and it won't attrack the worm

Surf without I.E.
and it won't attrack the worm

Surf without I.E.
ah, you'll never burn

Re:Deepest Apolgies...

What exactly is attrack?? Is that some AT&T version of eight-track?

Re:Deepest Apolgies...

[RatBastard]

I blame the asshats running the webiste I cut and pasted from. :(

Re:Deepest Apolgies...

Would it have killed you to read your post before hitting 'Submit'?

Re:Why Navy rules....

[budcub]

I work for a defense company that makes software for the Navy and we use Red Hat 6.2.

Hasn't Red Hat stopped support of 6.2? Hmmmmm...

Re:babies babie baby

listen your smarmy little fuck stain. the best part you ran downt he crack your mommas ass and ended up a stain on the mattress

i pay for you. your parents pay for you. you fat fucking sexless prick social liability fucker. i want restitution you welfare fuck.

Is there a Slashdot type site just for CODERS?

[wackybrit]

I rarely post offtopic, but because there's no where on Slashdot for 'free discussion', I figured I might as well (listen up editors, if we had a 'MetaSlashdot' there might be less off-topic posts).

Is there a Slashdot style site specifically for coders? I like Slashdot, but as a coder I'm not so interested in reading about PDAs, politics, and stuff like that.

I want stories about virtual machines, Perl, C++, people's attempts at writing compilers, discussion of the latest computer science theory.

I'd love a site like that, yet I seem unable to find one. Does anyone know of something that'd fit the bill?

Re:Is there a Slashdot type site just for CODERS?

[davidstrauss]

http://developers.slashdot.org/

Re:Is there a Slashdot type site just for CODERS?

Thanks, although I did know about that one ;-) I find the topics less than inspiring there though and the traffic is really low on the non-frontpage stories.

Re:Is there a Slashdot type site just for CODERS?

[0x0d0a]

You seem to like Soviet Russia and Natalie Portman well enough...

Re:Is there a Slashdot type site just for CODERS?

Judging by your history you have posted offtopic quite a bit.

Really? That's news to me. I have received one offtopic moderation in the last 24 posts, and 5 moderations up to +5. Course, that's all going to change as soon as all of these posts get modded down, hence the AC :-)

Oh... THAT Microsoft security vulnerability...

Now I know what everyone's talking about.

Don't worry! There are mitigating factors.

[mashie]

From the "Mitigating Factors" section of Microsoft's bulletin:

- For an attack to be successful, the user would need to visit a website under the attacker's control or receive an HTML e-mail from the attacker.

They forgot some other mitigating factors, like:

- the user's machine would have to be connected to a source of AC power

etc.

Re:Don't worry! There are mitigating factors.

So my laptop is safe when using batteries?

Re:Don't worry! There are mitigating factors.

Certainly, MS should be more selective when listing mitigating factors. Saying that all users should be wise enough to recognize malicious web sites and mail messages before clicking the mouse button only reduces their credibility.

If you sell a mass-market product, you must assume that many customers are unsophisticated, that most are neither dunces nor experts, and that the few who are experts can do sensible things without you having to remind them. Auto companies design and build their products with the below-average driver in mind, not for race drivers. Software sold with the family computer should be built and supported like a mini-van, not a NASCAR stock-in-name-only racer.

Re:spice

:::::::)))))))))))

That was funie! I liek it

joke me some more for funni, i will laugh

HUMOR, I COME To YOU AGAIN! WAIting..

No, not that either.

I think they're suppose to be warning about this one. Damn MS security vulnerabilities. Too many to keep track of.

Re:babies babie baby

You are a dumb bitch. I said eat and I meant it as FOOD - for my physical being [which happens to be young, virile and sexy unlike you broken fatty sexless ass]. You are a medieval fucking cretin asshole idiot if you think you can eat something and you get its brain power. If that is the case, according to you; you are as dumb as a cow, chicken turkey fish soybean and a stalk for corn. Sounds like eating a baby is an order of magnitude smarter than eating the dumb things you eat according to your scale. Stupid fucking retarded asshole.

Worm Sign!!!

[Lord_Dweomer]

Ok....anybody else immediately think of Children of Dune when they read this headline? Perhaps they'll call it the Thumper worm. Eh, goes to show what watching 4+ hrs of Chidren of Dune every night for 3 nights in a row does to you.

...Wormsign?

We have wormsign the likes of which even God has never seen..

Oh yeah, baby...

[grub]

Microsoft Bug May Attract Big Worm

So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.

I was hooked.

"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...

/. Headline

[tiny69]

Let's not give anyone any ideas now... It wouldn't surprise me if there are a dozen different worms running around the internet tomorrow.

/. is almost as bad as how CNN was during the Rodney King Riots...

Gotta love

[gilroy]

"increasingly short". Sort like getting more less.

If you walk without rythm ...

[Bobtree]

errr, sorry. So, the latest SciFi mini-series was pretty good huh? I wonder if they'll follow it up with another.

But man, who know Christopher Walkin could dance like that?!

Crazy stuff.

not even?

Truth be told, not even we Americans know what the hell is going on.

Hell, we're the only ones who don't know what the hell is going on. The rest of the world is far better informed.

old news...

[SomeGuyFromCA]

The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message ...
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.

IOW, it's Yet Another Java 'Sploit; turn off ActiveX and Javascript [or just not use IE] and you're safe(er).

As far as crippling 'convenient functions'... I don't know who calls pop-ups, Flash ads, or other common webpage uses of Java/ActiveX convenient.

I sometimes wonder

[sielwolf]

If any of this does any good (outside of warning Windows admins). People who have used computers for twenty years still have no idea how these exploits and bugs work. They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners) but don't think twice about double-clicking an email from "1337user@aol.com".

I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).

But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user compotence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.

This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.

Re:I sometimes wonder

[waveman]

"compotence" - there is something ironic about spelling this wrong.

Re:I sometimes wonder

[sielwolf]

Dam'nit! Well I guess I'll never be an editor at a popular online community ;)

Re:I sometimes wonder

[HoldmyCauls]

It occurs to me that average people see *everything* as not only a "magic box" but what we often refer to as a "black box". Systems of politics, society, religion, ad infinitum flabbergast anyone who's not willing to use their (insert deity)-given senses and mental abilities.

Re:I sometimes wonder

> "compotence" - there is something ironic about spelling this wrong.

You mean like our senior management who demanded "professionaity on all levels" from us in a recent "times are difficult, you'll have to work harder"-type message? I bought a cheap plastic frame and have it right beside my desk now.

Re:I sometimes wonder

[sharkey]

They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners)

But can he make people's heads explode like in Scanners?

Re:I sometimes wonder

Mmmm... compote.

Where is Old Ike?

I sure do miss Old Ike :-(

Worms *don't* have legs! (nt)

[exp(pi*sqrt(163))]

Neither do viruses.

Re:spice

when i think about this i want joke about this guy's mom attracting my big worm.

ARG!

One of the larger problems with stuff like this is no one will say what the worm is, just download this patch and it's fixed. If windows were open-souced, everyone would know what the worm was, instantly, and everyone would know how to fix it AND related worms could be found. With the closed source model it's just download the patch and pray.

What I'm trying to say is, a new worm makes it onto Slashdot's front page, and no one knows what it is. Just download the patch and don't ask questions. Something is seriously wrong in the Windows security development model of security by obscurity. If you can't discuss a problem, it'll never get fixed.

Re:ARG!

> Just download the patch and don't ask questions.

And agree to the EULA that says all your file are belong to Bill.

Likely, these big worms...

...will help boost the sales of Microsoft products to the Fremen.

CERT of GNU libc (Re:Is this Monday?)

Actually Linux has already "retaliated": there's an overflow issue in some RPC/XDR libraries functions of GNU libc and many other RPC implementations.

Contradictions from the experts

[dstone]

Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...

This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."

And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""

Re:Contradictions from the experts

[ryanr]

Probably because they are about two different vulns. Since the webdav hole is known to have an exploit already being used in the wild, it's pretty safe for Russ to say that it will be used. :)

He's probably also not too far off with the jscript integer overflow either. It's usually difficult to write an exploit that will work for all the different OS and jscript.dll versions, without simply crashing on a mismatched version. That makes an effective worm a lot less likely.

Re:Contradictions from the experts

"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."

Well what kind of worm has legs? I mean really...

I CAN'T BELIEVE IT!!!!!

Bush, is that you??? I didn't know you read SlashDot!

The Details

Technical details

Technical description:

The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.

A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.

Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.

Frequently asked questions:

What's the scope of the vulnerability?

This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.

What causes the vulnerability?

The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.

What is a scripting language?

Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.

In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.

What is a scripting engine?

The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.

What is JScript?

JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).

It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.

What's wrong with the Windows Script Engine for JScript?

There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.

What could this vulnerability enable an attacker to do?

This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.

If I am not using Internet Explorer do I need the patch?

Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.

How could an attacker exploit this vulnerability?

The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab

Re:The Details

[Alsee]

The http address is mangled.

Here is a working link: How to Disable Active Content in Internet Explorer


-

Why is the DoD using Microsoft servers?

[Colonel+Panic]

They should know better than to keep critical services running with M$ software. Is this just plain laziness or stupidity?

Re:Why is the DoD using Microsoft servers?

Who said they were running critical services on this particular server? Generally, but unfortunately not always, if a DoD system is open to the world it is not running anything critical. This was probably just some installation's public web server.

Big Worm? Oh, no!

Microsoft better get Ice Cube and Chris Tucker up in here to take care of that shit!

Windows Update not working?

[mtcrowe]

Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.

I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...

I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.

So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.

As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..

Re:Windows Update not working?

All those different file types, JavaScript and VB and batch (oh my!) They should only allow WSH to execute any file where the first line is of the form

#!

That should cut way down on the number of different interpreters that you have to proof against bugs.

Re:Windows Update not working?

[VividU]

Windows Update worked just fine on my Win2K box.

Re:Windows Update not working?

[SailorBob]

How do you manually download these patches? I'm not running windows update (it only works with IE) and so the page just sent me to ms download center. The last patch listed there is from the March 17.

another dupe?

[theraccoon]

Wasn't this story posted last month... And the month before? And the week before that? And the month before...

Re:another dupe?

[ubugly2]

yes it was ,but the typos are different..

wait... storm in the desert... worms

A storm is coming... OUR storm. Do we have wormsign?

Usul, we have wormsign the likes of which God has never seen!

Re:wait... storm in the desert... worms

the worm is the spice..

I can't believe I read it here first

[perp]

From the advisory, which is now in my mailbox, (though it wasn't a few hours ago when I left work) Microsoft was initially notified last July, iDefense's (paying) clients were notified in January and we, the great unwashed, are just hearing about this now.

Actually the receptionist(!) at work forwarded me a news story about this from the local tabloid newspaper this afternoon, but the article was so non-technical that it was impossible to tell what exploit they were talking about (and there were no links), so I postponed looking into it until I heard more.

I read BugTraq religiously. Looks like I need to get another religion if I want to save my soul, let alone my ass. Fortunately, at our site, use of either IE or Outlook is punishable by a severe whacking, so we shouldn't be too badly off.

Re:Why Navy rules....

[Corgha]

Hasn't Red Hat stopped support of 6.2? Hmmmmm...

Not until March 31st. :)
http://www.redhat.com/apps/support/errata/

Of course, I didn't see an update to their 2.2 series kernels in the RHSA for the ptrace vulnerability...

Running code

[pdan]

Maybe this is a stupid question, but what is the point of enabling such feature as running executable code received in an e-mail? I know what everybody on Slashdot think (except for those 1337 H4X0RZ who find this useful). I just want to know the answer from inventor of this "feature".

s/feature/bug/g if $OS=="Windows"

Re:babies babie baby

4. ?????
5. PROFIT!

By any chance...

Did a sexy mare answer the door and converse with this mythical insect-like creature?

Or did this mythical creature become engulfed by that big French oaf that bends over and stretches it knee to knee?

I feel your pain, geek...

-SlashdotTroll (*because slashdot limits my posts to two, regardless of using ProxyOne: the ultimate anonymizing proxy)

Don't Mind Me...

[benjamindees]

I thought you were referring to Mr. Cooper playing down the other MS security flaw (this week):

Russ Cooper, moderator of the NTBugTraq security list, which is owned by security services firm TruSecure, agreed that attack wasn't a serious one

Deepest Apologies...

Universities at risk

[wolfbane01]

I recieved an email earlier today listing in excess of 100 vulnerable servers on my campus.

When will people realize that they need a secure OS!

No...

Slashdot is highest authority in detecting worm-sign. Would you take a chance of Ugla-BorGates telling you where the worm surfaces? Ya, me too...

Bring those waterbuckets...worms don't like water.

Reusable title

Something like "Microsoft Bug May Attract Big Worm"???

We should be able to get rights to use that as a slogan. Timeless.

No sheet!

Cowboi Nellayyy: lookout timmy, I'm in back uv you with a n00 poll.
Timothy: what's it got?
Cowboi Nellayyy: Sesame seeds...
Timothy: Oh...I'll dispath the anti-Microsoft trollbots
Cowboi Nellayyy:Wilco...
Timothy: Roger that...
Cowboi Nellayyy: I am proceeding to approach the oven of public opinion...the loaf has been pinched...returning the pan to the baker.
OSDN: Aye comrade, here is return of 5 rupel deposit for pan.

Re:No sheet!

Ever heard of a dude named Monkey Crell?

Because Monkey Crell has heard of you.

We await transmission of document "Kill Monkey Crell.pdf"

NOW IT IS IN YOUR CONSIDERATION! PREPARE ACROBAT READER, BOYS!

Easier/Safer Update?

[haukex]

Hey everyone,

Has anyone found a place to download this patch without Windows Update? After recent discoveries I'm kinda reluctant...

Thanks!

Re:Why Navy rules....

[budcub]

Well they've already stopped support of the Sparc platform on 6.2. That's the main bone I have to pick with them.

Explain!

Teamhasnoi, or some other troll, please explain why a 2-foot-long worm is crawling out of my chijuaua's ass? And don't give me any shit about an Adam's Apple!

-SlashdotTroll (*because I have a right to know...and why I am limited to 2 posts in 24 hours. how do you expect me to improve my karmha, jackass moderators?)

Re:Is There An FAQ Just For Newbies?

First, I wasn't looking for a weblog. Some people might use Slashdot as a weblog, I use it as a discussion forum. It's far better in that regard.

Secondly, you don't use a search engine to find everything. To find the true gems you gotta ask people who are actually involved.

Third, I was asking for other sites, not Slashdot itself. I know I can filter, but so what? It doesn't improve the quality or quantity of the developer stories.

Fourth, Lambda is good, but it's as low trafficked as the non front page /. Developer stories.

Guess I'll stick to USENET!

Horrifically stale/offtopic

[Khakionion]

In Soviet Russia, IIS exploits your "hole!"

Obligatory Dune joke #2846

Sources indicate that the worm can be avoided by adding the line "walkwithrhythm=0" to your SYSTEM.INI file...

It has been determined that hackers are attaching arbitrary code to the worm and allowing it to infiltrate other computers by use of the MAKER.hook virus...

When asked to comment, the Beast Billgates Harkonnen reportedly replied, "He who controls the OS controls the root access. He who controls the root access controls the universe"...

Can I please go now?

WEBDAV + Scripting = Nimda Reprise?

[pophop]

With webddav exploits available for IIS and the with the recently announced windows scripting vulnerability on the desktop is the situation right for a Nimda reprise? Nimda worked off a combination of IIS flaws and the readme.eml exploit at the browser. Looks like the right mix is here again.

NEWS FLASH

[squireofgothos]

Experts expect it to be exploited heavily...

And in other news, the sky is blue and the grass is green.

Film on my teeth at 11!

Worms feed on Bugs?

[GrimReality]

I didn't know bugs were considered a delicay by worms. At least not enough to attract them.

Thank you.

GrimReality
2003-03-20 02:14:42 UTC (2003-03-19 21:14:42 EST)

Re:Is There An FAQ Just For Newbies?

1) First, I wasn't looking for a weblog. Some people might use Slashdot as a weblog, I use it as a discussion forum.

lambda is also 'a discussion forum'

2) To find the true gems you gotta ask people who are actually involved

you asked and ignored the answer

3) Third, I was asking for other sites, not Slashdot itself.

<sarcasm>yes, a slashdot security thread is the best place to ask that question</sarcasm>

4) Fourth, Lambda is good, but it's as low trafficked as the non front page /. Developer stories.

low traffic == low noise

<whore>I have received one offtopic moderation in the last 24 posts, and 5 moderations up to +5.</whore>

get a life

Guess I'll stick to USENET!

please do. at least people won't have to suffer your karma whoring and parlous abuse of the +1 posting bonus.

You're not likely to find the inventor on /.

[guardian-ct]

I doubt there are many MS OS Coders posting on /. much these days. Especially not the "one" who invented executable email. It seems to me that a lot of MS Things get designed by committee.

So use Java -- WAS Re:For the lazy......

[JBhoy]

From the technical bulletin:

The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript. A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.

Translation. Lack of a sandbox screws us again.

This is the kind of problem the Java sandbox resolves. ActiveX and dumbed-down scripting engines may satisfy web designers working in a Windows desktop world, but they are an invitation to disaster on a distributed network like the Internet.

Yet another reason to NOT use Outlook. Evolution, anyone?

Re:So use Java -- WAS Re:For the lazy......

Do you work for Sun or are simply naive? Why do you believe that the browser's JVM itself is not subject to buffer overflow exploits? Gee, the JVM is not written in Java - it's written in C and C++. Ever wonder what happens everytime the JVM crashes as it often does in Netscape/Mozilla/Microsoft browsers? It's a potential exploit. Get a clue.

Re:So use Java -- WAS Re:For the lazy......

[yerricde]

Why do you believe that the browser's JVM itself is not subject to buffer overflow exploits?

I have read somewhere that in the absence of faults due to heat, the JVM has been proven correct.

it's written in C and C++.

It's straightforward to write a C++ array class that bounds-checks array indices.

Re:So use Java -- WAS Re:For the lazy......

[JBhoy]

I realize you are an AC, but you are also wrong.

Educate yourself. Buffer overflow "exploits" don't work against the Java sandbox model.

Unicorn

[imbezol]

I thought I saw a Unicorn on the way home today, but it turned out to be a horse with one of its horns broken off.

Thump... Thump... Thump...

[starman97]

Look out!!
Here it comes!!

I like this write-up

[BortQ]

It's short, sweet and to the point.

Freaking Windows Update!!

[Bilbo]

Hearing about this bug, I thought I should run another Windows Update on my game box... just to be safe. Well, it ran as normal, but when I rebooted (as you ALWAYS have to do after an update), I noticed something strange. I didn't get the usual login prompt.

Aparrently, the update apparently broke my Windows Networking! I tried it on a couple other computers, and they all did the same thing. Network was still working fine for TCP/IP, but I couldn't see any other computers in the "Neighborhood".

Only way to fix it was to turn off file and folder sharing, reboot, turn it back on again, reload crap off the Win98 disk, and reboot again.

Anyone else see this, or am I just missing something obvious???

Mod up

[Ayanami+Rei]

More info
any other info about this?

yay again!

[NedTheNerd]

how many "major bugs" in windows arent exploited hevily? hell the only reason that one bug may not be exploited mroe than the other is that thare are so godam many!

But is is...

...an ALASKAN BULL WORM!!!???

i will call it

[m1chael]

spiceBlow.w32... muahhaha muhahahah muhahahahha muhahahahah.

HA HA HA!!!!!!!!

Linux rocks!
Winbloz SUCKS!!!!!!!!!

HA HA HA!!!!!!!!
Yeah baby, we be trollin!!!!

Previews in folder windows run scripts

[NaugaHunter]

There was one worm going around about a year and a half ago, that would get launched from the preview screen without the email being specifically opened. Well, we had finally gotten it mostly cleaned from our systems and one guy was checking his hard drive. He clicked on a file he didn't recognize, it tried to show the web-formatted document in a preview, and launched the script again.

i guess my point is that many people will launch the script without opening the email, simply because as soon as the header is clicked on it will be displayed in the preview window. And yes, the preview window can be turned off; I'm just pointed out that reasonably responsible people using a standard feature would be hit without doing anything that could be labeled as dumb.

The score so far this week:

[tangent3]

Microsoft: 2
Linux: 1

Bets for the end of the week, anyone?

Information warfare

[Jeppe+Salvesen]

Yep. I expect angry kids or intelligence agencies to start doing damage to the internet at some point if this war lasts.

If you walk without rythm

you won't attract a worm

Did anybody else read:

[stomv]

Microsoft bug may attract big women ?

I'm sitting there thinking -- why would fatties have a thing for Microsoft? Bloated code?

Oh, never mind. Just wanted to blow some karma chunks.

Just An Observation

Has anybody noticed a certain progression here?

Long, long ago in internet time, didn't everybody laugh about the "Microsoft bug o' the month". Then this progressed to the "Microsoft bug o' the week".

Recently we seem to have progressed to the "Microsoft bug o' the day".

But now we have TWO BUGS reported in ONE day!!!

Can it be that Microsoft software has become so complex and bloated that bugs are being added faster than they can be fixed? Every new "Microsoft feature" adds more bugs! Every bug fix adds more bugs! Every change to a file format to break the old format adds more bugs!

And all this is what Microsoft calls "Trustworthy Computing"!

Re:Just An Observation

Hackers are re-orienting.

It used to be just plain easier to use exploits for UNIX. Shells can access everything, do a good exploit on a SUID process and BANG, rootshell. Then you own the machine.

Now, UNIX/linux tends to get patched pretty fast, but Windows almost never gets patched. People run services they don't need to, and often don't know about it. These services have bugs (don't they all), but in their case they are not being monitored, and the bugs are not getting fixed. And, Windows shells are progressing.

So now crackers are re-orienting. The IIS remote root exploit was a zero day exploit - the first discovery came from a cracked military machine.

It is gonna get a lot worse in the near future.

Yes but

Have they told that airhead secretary yet, the one who has been too busy doing her nails to notice.

She is the one who is going to read that email with the "interesting" attachment or visit that "hostile" web site!!!

Re:Is There An FAQ Just For Newbies?

please do. at least people won't have to suffer your karma whoring and parlous abuse of the +1 posting bonus.

Ooh, touchy touchy!

<whore>I have received one offtopic moderation in the last 24 posts, and 5 moderations up to +5.</whore>

get a life

You're the one feeding the whore, pimp. :-D

I am running a strange version of Windows

[gosand]

To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.

Hmm. I guess I am running Windows version
"A fatal exception 0E has occurred at 0028:C004CDCF in VXD VNTFS(01)+ 0000B897. The current application will be terminated."

Reminds me of an exchange from a Dune movie

[DoNotTauntHappyFunBa]

Usul: "Stilgar, do we have worm sign?"
Stilgar: "Usul, we have worm sign the likes of which even God has never seen!"