For the lazy......
by
dirkdidit
·
· Score: 4, Informative
WASHINGTON -- Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.
Microsoft assessed the problem's urgency as critical, its highest level, and urged customers to download a free repairing patch immediately from its Web site, www.microsoft.com/security.
The company said it was unaware of any reports that hackers already had used the technique to break into computers, but the time between disclosure of a new flaw and such break-ins has become increasingly short.
Russ Cooper, a security expert for TruSecure Corp., based in Herndon, Va., predicted that antivirus software will be updated to protect users who might receive infected e-mails and that Web sites with infected pages would be shut down quickly once they are detected.
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message. It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.
There was some good news. Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
Older versions of Outlook would also be safe if customers had manually applied another security patch, which Microsoft released in 2000 after the spread of the damaging "ILOVEYOU" virus.
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.
Re:For the lazy......
by
gordyf
·
· Score: 5, Funny
"It's pretty unlikely any such exploit attempt will get legs."
The worm exploits versions from "Windows 98 to its latest Windows XP editions." Perhaps it's time to go back to Win 95!!
Mmmm, nostalgia.
1: This reply written in edlin. (Nah, not really.)
Re:For the lazy......
by
nolife
·
· Score: 2, Interesting
Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
They should have add the following, "or if you are using just about any other mail reader besides ours."
I love how MS attempts to twist the story here and appears to make it look like you should only be using the most recent versions of THEIR software to be safe. They completely fail to mention that the only reason any of this is possible is bacause of their software and its integration into IE and the OS. If you were using almost ANY OTHER email program not designed by them or one that did not use their glob job interent settings you would be safe also. I use Pegasus and it is not effected by this at all.
-- Bad boys rape our young girls but Violet gives willingly.
Re:For the lazy......
by
Ironfist.cmg
·
· Score: 1
Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.
This is getting so routine these days that MS should just bolierplate the warning with a spot for the date.
You have to this week, because of Linux. After Microsoft's weekly publicity blitz on Monday with the IIS bug, Linux fired back with a local root exploit, thus stealing the limelight. Microsoft, which is feeling very threatened by Linux these days, could not let that stand.
The big question is whether or not The Penguin will escalate with another salvo tomorrow. If so, you will have a busy Windows-patching session before the week ends.
Ain't competition great?
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I have both ms and linux servers, and it has been patch city all week. At least I know why. You know what they say, bad press is better than no press...
I know this is was off topic for the article, but since you are *grub* I will ask you a quick question. here goes
RH 8.0. Created grub password. Have not been prompted yet for it at any time. Downloaded 2.4.xx Athlon kernel. Will not upgrade. Failed three times. Would grub password have any thing to do with this?
Ahh yes, the grub password problem.. Well, here is what I would strongly recommend:
yea, if you look later on, its obvious he is a BSD snob. Saying to "format your drive and install BSD".
Anyone who thinks THIER brand of OS is the only that doesn't suck, is obviously a loser who doesn't live in the real world. I use several OS's for a good reason: use the right tool for the job. If someone ONLY uses one OS, then obviously they don't know shit about the others.
"The Lockergnome one" isn't specific enough. You're looking at only one of the Lockergnome MS vulnerability stories from that day. There are 3 stories about the IIS/WebDAV vuln and only 1 about the IE vuln ("Microsoft Warns Windows Users About Flaw"). Sad that there are 2 vulnerabilities reported on in one day, but...
No, it's not a Java exploit. It's a Windows Scripting exploit, meaning that even if you have Java turned off, but have Active Scripting (JScript/VBScript) enabled, you're still vulnerable. Of all things, it's a buffer overflow... in a SCRIPTING language.
what day is it again?
by
GweeDo
·
· Score: 4, Funny
It is monday...time to patch my Windows Boxes...
It is tuesday...time to patch my Linux boxes...
It is hump day...time to patch my Windows Boxes again...
Crap...what is Thursday gonna bring! And what is this gonna do to my loverly uptime!
Re:what day is it again?
by
AKnightCowboy
·
· Score: 2, Interesting
It is hump day...time to patch my Windows Boxes again... Crap...what is Thursday gonna bring!
Thursday, time to patch the SunRPC holes in Solaris. I WAS about to implement a central NFS server for our workstations, but Sun has so many problems with their RPC implementation resulting in root exploits I think I'll have to look for something else.
Re:what day is it again?
by
Anonymous Coward
·
· Score: 1, Funny
I thought Thursday was the day we discovered all the crap that broke because of the patches...
Hell no, YOU are the one that installed the patch that broke the servers, fix that on your OWN time, over the weekend or at night. That will teach you.
Considering how much exploited was this particular flaw, I don't think that a lot of servers will remain unpatched, but, anyway, I still receiving so much hits from CodeRed and Nimda that I will not be surprised if such worm have a big success.
I tried to RTFA. The 3 links that I read referred to the WebDAV exploit so I didn't bother with the 4th. Now looking at the 4th I see it's YAWE rather than YAIISE.
It doesn't look good for OS X
by
teamhasnoi
·
· Score: 5, Funny
Big worms are unusually fond of Apples.
You might want to cover your Macintosh with a thin layer of paraffin, or place it in a plastic bag this week; that should deter any worms.
How to check if you are vulnerable
by
gmuslera
·
· Score: 5, Funny
From the Microsoft security bulletin --------------- How to Check Which Version You Have
If you are unsure whether a product you are running is affected by this issue, check the version.
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running. -------------
If it say "Microsoft " and something else, you are vulnerable.
Re:How to check if you are vulnerable
by
product+byproduct
·
· Score: 1
...and if it says something else, your computer has already been compromized.
Re:How to check if you are vulnerable
by
mstrjon32
·
· Score: 1
Thank goodness for that utilitiy. I couldn't read the text to the left of the start menu that says "Windows 98". How would I have known which version I was running without winver?
Microsoft...always thinking ahead...
Re:How to check if you are vulnerable
by
archen
·
· Score: 1
If it say "Microsoft " and something else, you are vulnerable
If you have to do all that to figure out what version of windows you're using, your computer probably already has more viruses than a biological weapons factory.
-- Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Re:Can bug affect hotmail or yahoo email?
by
johny_qst
·
· Score: 2, Informative
This affects all users who view HTML webpages with Internet Explorer or view HTML email on their windows box with an old version of Outlook or Outlook Express. If you are using another browser or email program you are still vulnerable if scripting is enabled. This is a problem with processing JScript. This is a problem for most M$ boxes. If using one please upgrade to another OS or update using windows update.
-- Fnord.sig
Re:Can bug affect hotmail or yahoo email?
by
ryanr
·
· Score: 1
The webmail sites usually do some javascript filtering, but there have been bypasses for those filters in the past, and probably will be in the future. If you're using IE to read mail on those sites, there's always a chance this bug might bite you.
lets play a game
by
xao+gypsie
·
· Score: 3, Funny
lets guess at how many root name servers will go down this time.....weee!!!
Yet another buffer overflow. In Windows. Yet another opportunity to send email viruses in Outlook. Yet another opportunity for Linux geeks to make fun of "M$."
While this is important news for Windows users, I expect MS has already told them. Move along, nothing to see here.
-- I hereby place the above post in the public domain.
This is NOT working!!!!
by
the_real_tigga
·
· Score: 4, Funny
I just tried this and wanted to warn others:
YOU WON'T BE ABLE TO TELL THE VERSION FROM THIS! Microsoft must be saying something wrong!!!
I got a window popping up, the title was "Sorry - KDesktop", and then "winver" and "Could not run the specified command!"
So it's not woring. QED.
-- my.sig is better than yours.
Re:This is NOT working!!!!
by
CrazyDuke
·
· Score: 1
Please download this shell script. You can use the following instructions: wget http://www.freeos.com/guides/lsst/scripts/q19 chm od 777./q19 link -s./q19 winver winver
-- Any sufficiently advanced influence is indistinguishable from control.
Celebration times come on! With slashdot now reporting speculations on future events, we can drop shit on Microsoft even before bad things have happened!
Probably because he's talking about the wrong exploit.
-- "I assumed blithely that there were no elves out there in the darkness"
Re:Why Navy rules....
by
titzandkunt
·
· Score: 2, Funny
Hey - me too!
(Defense, software, navy, RH6.2)
Who knows, maybe we sit at adjacent desks...
If that's the case, next time, will you fill the friggen' coffee machine up when you take the last cup?
T&K.
-- Political language... is designed to make lies sound truthful and murder respectable...
Two separate vulnerabilities
by
nweaver
·
· Score: 4, Informative
#1 is the WebDAV vulnerability, affecting IIS 5 on Win2k. This is the one used to corrupt the military web server in question, and is a very worm friendly (arbitrary remote execution) vulnerability. This is the most likely target of a worm, as it can be purely automatic (a'la slammer and Code Red), and gives full system access.
#2 is a script engine vulnerability, allowing an email message or web page to execute arbitrary code. Although good for mail worms, this is less autonomous-worm friendly: it's a good secondary way to cross a firewall, but users need to read the email to spread, making a slower worm, something in the ballpark of an auto-executing Klez: a pain but nothing catastrophic. It also runs as the user, not as sysem, making it a (somewhat) less valuable exploit when targeting Win2k/XP.
Both are serious vulnerabilities which require patching, however.
In case you are curious...
by
Elwood+P+Dowd
·
· Score: 4, Informative
No, you are not crazy. These articles are all refering to the other MS issue this week: IIS's WebDAV remote buffer overflow attack.
There is, however, a new issue today. Use Windows Update. This new issue would allow operators of a malicious website to remote root your machine if you navigate to them. This applies to all (!) versions of Windows since Win98.
The worm-friendly bug is the old bug. So, technically speaking, this post is 100% dupe. It just happened to (luckily?) coincide with another MS security issue.
--
There are no trails. There are no trees out here.
Re:In case you are curious...
by
gmuslera
·
· Score: 1
This one is more worm friendly than the other. You know, Klez, Sircam, etc, ARE worms, and some of the most sucessful email worms are so because IE vulnerabilities (like the iframe bug). So this, that can be activated by a html mail, is the perfect opportunity for a big mail worm, and maybe easier to do than an obscure buffer overflow.
Re:In case you are curious...
by
erlando
·
· Score: 1
Quoteth the parent:
This new issue would allow operators of a malicious website to remote root your machine if you navigate to them.
According to Microsoft's advisory this exploit is only able to run with user priviledges. Although on Win9x this is always "root" it really shouldn't be the case on 2000 and XP. Because you really don't use your Administrator-account to browse the web, do you?
-- Remember, there are no stupid questions. But there are a lot of inquisitive idiots.
Re:In case you are curious...
by
mark-t
·
· Score: 1
It just happened to (luckily?) coincide with another MS security issue
Considering how often such issues come up, it's almost inevitable that such "coincidences" should happen semi-regularly.
Re:In case you are curious...
by
jred
·
· Score: 1
You & I don't, but most people will. By default, WinXP gives the user admin rights. Not always, and I haven't looked into it enough to know why, but most of the time.
--
jred
I'm not a mechanic but I play one in my garage...
Believe it or not, Microsoft has had more than one security flaw in it's operating systems (just like Linux!!). This isn't the same bug as the one mentionned yesterday. Duh!
Had you read the article, or indeed, any of the previous comments, you'd have realised that you're as dumb as someone who wants to bomb Iraq for Oil.
Nick...
Microsoft's lesson from Herbert
by
whm
·
· Score: 4, Funny
Walk without rhythm, and you won't attract the worm.
Shai-Hulud's a-coming!
Re:Microsoft's lesson from Herbert
by
Desperado
·
· Score: 3, Funny
Walk without rhythm, and you won't attract the worm.
That will be natural for me....I'm Caucasian.
-- If you're not living on the edge, you're taking up too much space.
So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.
I was hooked.
"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message...
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.
IOW, it's Yet Another Java 'Sploit; turn off ActiveX and Javascript [or just not use IE] and you're safe(er).
As far as crippling 'convenient functions'... I don't know who calls pop-ups, Flash ads, or other common webpage uses of Java/ActiveX convenient.
-- if the answer isn't violence, neither is your silence
/ freedom of expression doesn't make it alright
I sometimes wonder
by
sielwolf
·
· Score: 4, Interesting
If any of this does any good (outside of warning Windows admins). People who have used computers for twenty years still have no idea how these exploits and bugs work. They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners) but don't think twice about double-clicking an email from "1337user@aol.com".
I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).
But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user compotence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.
This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.
-- What is music when you despise all sound?
Re:I sometimes wonder
by
waveman
·
· Score: 5, Funny
"compotence" - there is something ironic about spelling this wrong.
It occurs to me that average people see *everything* as not only a "magic box" but what we often refer to as a "black box". Systems of politics, society, religion, ad infinitum flabbergast anyone who's not willing to use their (insert deity)-given senses and mental abilities.
-- Emacs: for people who just never know when to:q!
-- Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
Contradictions from the experts
by
dstone
·
· Score: 5, Interesting
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Re:Contradictions from the experts
by
ryanr
·
· Score: 3, Informative
Probably because they are about two different vulns. Since the webdav hole is known to have an exploit already being used in the wild, it's pretty safe for Russ to say that it will be used.:)
He's probably also not too far off with the jscript integer overflow either. It's usually difficult to write an exploit that will work for all the different OS and jscript.dll versions, without simply crashing on a mismatched version. That makes an effective worm a lot less likely.
The Details
by
Anonymous Coward
·
· Score: 5, Informative
Technical details
Technical description:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
Frequently asked questions:
What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.
What is a scripting language?
Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.
In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.
What is a scripting engine?
The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.
What is JScript?
JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).
It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.
What's wrong with the Windows Script Engine for JScript?
There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.
If I am not using Internet Explorer do I need the patch?
Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab
RTFA yourself. Both articles refer to the problems as a buffer overflow in IIS's WebDAV functionality.
Windows Update not working?
by
mtcrowe
·
· Score: 5, Interesting
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
Re:Windows Update not working?
by
VividU
·
· Score: 1
Windows Update worked just fine on my Win2K box.
Re:Windows Update not working?
by
SailorBob
·
· Score: 1
How do you manually download these patches? I'm not running windows update (it only works with IE) and so the page just sent me to ms download center. The last patch listed there is from the March 17.
I can't believe I read it here first
by
perp
·
· Score: 2, Interesting
From the advisory, which is now in my mailbox, (though it wasn't a few hours ago when I left work) Microsoft was initially notified last July, iDefense's (paying) clients were notified in January and we, the great unwashed, are just hearing about this now.
Actually the receptionist(!) at work forwarded me a news story about this from the local tabloid newspaper this afternoon, but the article was so non-technical that it was impossible to tell what exploit they were talking about (and there were no links), so I postponed looking into it until I heard more.
I read BugTraq religiously. Looks like I need to get another religion if I want to save my soul, let alone my ass. Fortunately, at our site, use of either IE or Outlook is punishable by a severe whacking, so we shouldn't be too badly off.
-- There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
Re:Why Navy rules....
by
Corgha
·
· Score: 1, Offtopic
Maybe this is a stupid question, but what is the point of enabling such feature as running executable code received in an e-mail? I know what everybody on Slashdot think (except for those 1337 H4X0RZ who find this useful). I just want to know the answer from inventor of this "feature".
With webddav exploits available for IIS and the with the recently announced windows scripting vulnerability on the desktop is the situation right for a Nimda reprise? Nimda worked off a combination of IIS flaws and the readme.eml exploit at the browser. Looks like the right mix is here again.
Does anyone know if this flaw got beyond the theoretical level - i.e., were any exploits discovered, "in the wild"?
> When a (serious) MS bug is found...
Well, we already know one "military" server was owned by an unknown cracker, so exploits already exist out there, and they are being used.
In other words, yes it is biased reporting (what else do you expect on/.?), but there are very different levels of severity here. Bugs are everywhere, but not all bugs are created equal.
-- Your Servant, B. Baggins
You're not likely to find the inventor on /.
by
guardian-ct
·
· Score: 1
I doubt there are many MS OS Coders posting on/. much these days. Especially not the "one" who invented executable email. It seems to me that a lot of MS Things get designed by committee.
So use Java -- WAS Re:For the lazy......
by
JBhoy
·
· Score: 1
From the technical bulletin:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Translation. Lack of a sandbox screws us again.
This is the kind of problem the Java sandbox resolves. ActiveX and dumbed-down scripting engines may satisfy web designers working in a Windows desktop world, but they are an invitation to disaster on a distributed network like the Internet.
Yet another reason to NOT use Outlook. Evolution, anyone?
Re:So use Java -- WAS Re:For the lazy......
by
Anonymous Coward
·
· Score: 1
Do you work for Sun or are simply naive? Why do you believe that the browser's JVM itself is not subject to buffer overflow exploits? Gee, the JVM is not written in Java - it's written in C and C++. Ever wonder what happens everytime the JVM crashes as it often does in Netscape/Mozilla/Microsoft browsers? It's a potential exploit. Get a clue.
Re:So use Java -- WAS Re:For the lazy......
by
yerricde
·
· Score: 1
Why do you believe that the browser's JVM itself is not subject to buffer overflow exploits?
I have read somewhere that in the absence of faults due to heat, the JVM has been proven correct.
it's written in C and C++.
It's straightforward to write a C++ array class that bounds-checks array indices.
Hearing about this bug, I thought I should run another Windows Update on my game box... just to be safe. Well, it ran as normal, but when I rebooted (as you ALWAYS have to do after an update), I noticed something strange. I didn't get the usual login prompt.
Aparrently, the update apparently broke my Windows Networking! I tried it on a couple other computers, and they all did the same thing. Network was still working fine for TCP/IP, but I couldn't see any other computers in the "Neighborhood".
Only way to fix it was to turn off file and folder sharing, reboot, turn it back on again, reload crap off the Win98 disk, and reboot again.
Anyone else see this, or am I just missing something obvious???
how many "major bugs" in windows arent exploited hevily? hell the only reason that one bug may not be exploited mroe than the other is that thare are so godam many!
Previews in folder windows run scripts
by
NaugaHunter
·
· Score: 1
There was one worm going around about a year and a half ago, that would get launched from the preview screen without the email being specifically opened. Well, we had finally gotten it mostly cleaned from our systems and one guy was checking his hard drive. He clicked on a file he didn't recognize, it tried to show the web-formatted document in a preview, and launched the script again.
i guess my point is that many people will launch the script without opening the email, simply because as soon as the header is clicked on it will be displayed in the preview window. And yes, the preview window can be turned off; I'm just pointed out that reasonably responsible people using a standard feature would be hit without doing anything that could be labeled as dumb.
-- R: That voice. Where have I heard that voice before?
B: In about 365 other episodes. But I don't know who it is either.
The score so far this week:
by
tangent3
·
· Score: 1
I am running a strange version of Windows
by
gosand
·
· Score: 1
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
Hmm. I guess I am running Windows version "A fatal exception 0E has occurred at 0028:C004CDCF in VXD VNTFS(01)+ 0000B897. The current application will be terminated."
--
My beliefs do not require that you agree with them.
Reminds me of an exchange from a Dune movie
by
DoNotTauntHappyFunBa
·
· Score: 1
Usul: "Stilgar, do we have worm sign?"
Stilgar: "Usul, we have worm sign the likes of which even God has never seen!"
-- Well, hey, I didn't spend all those years playing Dungeons and Dragons and not learn a little something about courage.
Slashdot Mirror
WASHINGTON -- Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.
Microsoft assessed the problem's urgency as critical, its highest level, and urged customers to download a free repairing patch immediately from its Web site, www.microsoft.com/security.
The company said it was unaware of any reports that hackers already had used the technique to break into computers, but the time between disclosure of a new flaw and such break-ins has become increasingly short.
Russ Cooper, a security expert for TruSecure Corp., based in Herndon, Va., predicted that antivirus software will be updated to protect users who might receive infected e-mails and that Web sites with infected pages would be shut down quickly once they are detected.
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message. It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.
There was some good news. Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
Older versions of Outlook would also be safe if customers had manually applied another security patch, which Microsoft released in 2000 after the spread of the damaging "ILOVEYOU" virus.
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.
Top officials have decided to post it on Slashdot.
webpage
I thought Monday was the official MS patch day? As an MS admin I'm not expected to work two days a week, am I?
Already patched, thanks in part to VNC.
This story is being given big licks because everybody with a desktop thinks MS rules the world.
Of course, MS has been getting screwed in the server market for years and so this is not quite as big as they think...plus it's a week old story!
The Early Bird OS?
Sheesh, evil *and* a jerk. -- Jade
From an AP article:
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
Russ Cooper is a security expert for TruSecure Corp., based in Herndon, Va.
There seems to be some disagreement on the exploitability of this.
Inconceivable!
Half the stories linked to are for the wrong vuln. I think they're supposed to be warning us about this one:
i ns/ms03-008.asp
http://www.microsoft.com/security/security_bullet
It is monday...time to patch my Windows Boxes... It is tuesday...time to patch my Linux boxes... It is hump day...time to patch my Windows Boxes again... Crap...what is Thursday gonna bring! And what is this gonna do to my loverly uptime!
Unstable Apps: Our Android Apps Don't Suck
Considering how much exploited was this particular flaw, I don't think that a lot of servers will remain unpatched, but, anyway, I still receiving so much hits from CodeRed and Nimda that I will not be surprised if such worm have a big success.
You were just caught off guard by MS having two major patches in a single week.
I heard he smoked a fool over 20 bucks!
www.cgisecurity.com
www.cgisecurity.com/lib
You might want to cover your Macintosh with a thin layer of paraffin, or place it in a plastic bag this week; that should deter any worms.
From the Microsoft security bulletin
---------------
How to Check Which Version You Have
If you are unsure whether a product you are running is affected by this issue, check the version.
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
-------------
If it say "Microsoft " and something else, you are vulnerable.
Can we just have a Microsoft hack/exploit/bug page that is always there. This will spare the rest of us the repeated bombardment of notices. Old7
Or must you be using Outlook for email to be vulnerable to this bug? The Microsoft website is extremely vague on this matter.
lets guess at how many root name servers will go down this time.....weee!!!
xao
xao
http://TheHillforum.hopto.org
Yet another buffer overflow. In Windows. Yet another opportunity to send email viruses in Outlook. Yet another opportunity for Linux geeks to make fun of "M$."
While this is important news for Windows users, I expect MS has already told them. Move along, nothing to see here.
I hereby place the above post in the public domain.
I just tried this and wanted to warn others:
YOU WON'T BE ABLE TO TELL THE VERSION FROM THIS!
Microsoft must be saying something wrong!!!
I got a window popping up, the title was "Sorry - KDesktop", and then "winver" and "Could not run the specified command!"
So it's not woring. QED.
my
/me retreats hurredly back to the security stronghold of his Linux system
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
Experts expect it to be exploited heavily.
Celebration times come on!
With slashdot now reporting speculations on future events, we can drop shit on Microsoft even before bad things have happened!
my
I like it how he doesn't go on to give any tecnical reasons why there won't be widespread exploit attempts.
Hey - me too!
(Defense, software, navy, RH6.2)
Who knows, maybe we sit at adjacent desks...
If that's the case, next time, will you fill
the friggen' coffee machine up when you take
the last cup?
T&K.
Political language
#1 is the WebDAV vulnerability, affecting IIS 5 on Win2k. This is the one used to corrupt the military web server in question, and is a very worm friendly (arbitrary remote execution) vulnerability. This is the most likely target of a worm, as it can be purely automatic (a'la slammer and Code Red), and gives full system access.
#2 is a script engine vulnerability, allowing an email message or web page to execute arbitrary code. Although good for mail worms, this is less autonomous-worm friendly: it's a good secondary way to cross a firewall, but users need to read the email to spread, making a slower worm, something in the ballpark of an auto-executing Klez: a pain but nothing catastrophic. It also runs as the user, not as sysem, making it a (somewhat) less valuable exploit when targeting Win2k/XP.
Both are serious vulnerabilities which require patching, however.
Test your net with Netalyzr
No, you are not crazy. These articles are all refering to the other MS issue this week: IIS's WebDAV remote buffer overflow attack.
There is, however, a new issue today. Use Windows Update. This new issue would allow operators of a malicious website to remote root your machine if you navigate to them. This applies to all (!) versions of Windows since Win98.
The worm-friendly bug is the old bug. So, technically speaking, this post is 100% dupe. It just happened to (luckily?) coincide with another MS security issue.
There are no trails. There are no trees out here.
I usually use a thumper to call Shai-Hulud.
Truth suffers from too much analysis.
Ancient Fremen Saying
It's not a dupe. RTFA!
Believe it or not, Microsoft has had more than one security flaw in it's operating systems (just like Linux!!). This isn't the same bug as the one mentionned yesterday. Duh!
Had you read the article, or indeed, any of the previous comments, you'd have realised that you're as dumb as someone who wants to bomb Iraq for Oil.
Nick...
Walk without rhythm, and you won't attract the worm.
Shai-Hulud's a-coming!
it won't attrack the worm
Surf without I.E.
and it won't attrack the worm
Surf without I.E.
and it won't attrack the worm
Surf without I.E.
ah, you'll never burn
Boobies never hurt anyone. - Sherry Glaser.
Hasn't Red Hat stopped support of 6.2? Hmmmmm...
From the "Mitigating Factors" section of Microsoft's bulletin:
- For an attack to be successful, the user would need to visit a website under the attacker's control or receive an HTML e-mail from the attacker.
They forgot some other mitigating factors, like:
- the user's machine would have to be connected to a source of AC power
etc.
I think they're suppose to be warning about this one. Damn MS security vulnerabilities. Too many to keep track of.
http://developers.slashdot.org/
Microsoft Bug May Attract Big Worm
So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.
I was hooked.
"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...
Trolling is a art,
Let's not give anyone any ideas now... It wouldn't surprise me if there are a dozen different worms running around the internet tomorrow.
/. is almost as bad as how CNN was during the Rodney King Riots...
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
"increasingly short". Sort like getting more less.
The Mongrel Dogs Who Teach
You seem to like Soviet Russia and Natalie Portman well enough...
May we never see th
IOW, it's Yet Another Java 'Sploit; turn off ActiveX and Javascript [or just not use IE] and you're safe(er).
As far as crippling 'convenient functions'... I don't know who calls pop-ups, Flash ads, or other common webpage uses of Java/ActiveX convenient.
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
If any of this does any good (outside of warning Windows admins). People who have used computers for twenty years still have no idea how these exploits and bugs work. They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners) but don't think twice about double-clicking an email from "1337user@aol.com".
I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).
But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user compotence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.
This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.
What is music when you despise all sound?
Neither do viruses.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Technical details
Technical description:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
Frequently asked questions:
What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.
What is a scripting language?
Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.
In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.
What is a scripting engine?
The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.
What is JScript?
JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).
It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.
What's wrong with the Windows Script Engine for JScript?
There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.
If I am not using Internet Explorer do I need the patch?
Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab
RTFA yourself. Both articles refer to the problems as a buffer overflow in IIS's WebDAV functionality.
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
Wasn't this story posted last month... And the month before? And the week before that? And the month before...
From the advisory, which is now in my mailbox, (though it wasn't a few hours ago when I left work) Microsoft was initially notified last July, iDefense's (paying) clients were notified in January and we, the great unwashed, are just hearing about this now.
Actually the receptionist(!) at work forwarded me a news story about this from the local tabloid newspaper this afternoon, but the article was so non-technical that it was impossible to tell what exploit they were talking about (and there were no links), so I postponed looking into it until I heard more.
I read BugTraq religiously. Looks like I need to get another religion if I want to save my soul, let alone my ass. Fortunately, at our site, use of either IE or Outlook is punishable by a severe whacking, so we shouldn't be too badly off.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
Hasn't Red Hat stopped support of 6.2? Hmmmmm...
:)
Not until March 31st.
http://www.redhat.com/apps/support/errata/
Of course, I didn't see an update to their 2.2 series kernels in the RHSA for the ptrace vulnerability...
Maybe this is a stupid question, but what is the point of enabling such feature as running executable code received in an e-mail? I know what everybody on Slashdot think (except for those 1337 H4X0RZ who find this useful). I just want to know the answer from inventor of this "feature".
s/feature/bug/g if $OS=="Windows"
Russ Cooper, moderator of the NTBugTraq security list, which is owned by security services firm TruSecure, agreed that attack wasn't a serious one
Deepest Apologies...
"I assumed blithely that there were no elves out there in the darkness"
I recieved an email earlier today listing in excess of 100 vulnerable servers on my campus.
When will people realize that they need a secure OS!
Hey everyone,
Has anyone found a place to download this patch without Windows Update? After recent discoveries I'm kinda reluctant...
Thanks!
Well they've already stopped support of the Sparc platform on 6.2. That's the main bone I have to pick with them.
With webddav exploits available for IIS and the with the recently announced windows scripting vulnerability on the desktop is the situation right for a Nimda reprise? Nimda worked off a combination of IIS flaws and the readme.eml exploit at the browser. Looks like the right mix is here again.
"very like a whale..."
Experts expect it to be exploited heavily...
And in other news, the sky is blue and the grass is green.
Film on my teeth at 11!
There is no sig...
I didn't know bugs were considered a delicay by worms. At least not enough to attract them.
Thank you.
GrimReality
2003-03-20 02:14:42 UTC (2003-03-19 21:14:42 EST)
Does anyone know if this flaw got beyond the theoretical level - i.e., were any exploits discovered, "in the wild"?
> When a (serious) MS bug is found ...
Well, we already know one "military" server was owned by an unknown cracker, so exploits already exist out there, and they are being used.
In other words, yes it is biased reporting (what else do you expect on /.?), but there are very different levels of severity here. Bugs are everywhere, but not all bugs are created equal.
Your Servant, B. Baggins
I doubt there are many MS OS Coders posting on /. much these days. Especially not the "one" who invented executable email. It seems to me that a lot of MS Things get designed by committee.
From the technical bulletin:
Translation. Lack of a sandbox screws us again.
This is the kind of problem the Java sandbox resolves. ActiveX and dumbed-down scripting engines may satisfy web designers working in a Windows desktop world, but they are an invitation to disaster on a distributed network like the Internet.
Yet another reason to NOT use Outlook. Evolution, anyone?
I thought I saw a Unicorn on the way home today, but it turned out to be a horse with one of its horns broken off.
Look out!!
Here it comes!!
Starman97@Gmail.com (bring it on spammers)
It's short, sweet and to the point.
A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
Aparrently, the update apparently broke my Windows Networking! I tried it on a couple other computers, and they all did the same thing. Network was still working fine for TCP/IP, but I couldn't see any other computers in the "Neighborhood".
Only way to fix it was to turn off file and folder sharing, reboot, turn it back on again, reload crap off the Win98 disk, and reboot again.
Anyone else see this, or am I just missing something obvious???
Your Servant, B. Baggins
More info
any other info about this?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
how many "major bugs" in windows arent exploited hevily? hell the only reason that one bug may not be exploited mroe than the other is that thare are so godam many!
There was one worm going around about a year and a half ago, that would get launched from the preview screen without the email being specifically opened. Well, we had finally gotten it mostly cleaned from our systems and one guy was checking his hard drive. He clicked on a file he didn't recognize, it tried to show the web-formatted document in a preview, and launched the script again.
i guess my point is that many people will launch the script without opening the email, simply because as soon as the header is clicked on it will be displayed in the preview window. And yes, the preview window can be turned off; I'm just pointed out that reasonably responsible people using a standard feature would be hit without doing anything that could be labeled as dumb.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
Microsoft: 2
Linux: 1
Bets for the end of the week, anyone?
I remember it, it really was bad.
Yep. I expect angry kids or intelligence agencies to start doing damage to the internet at some point if this war lasts.
Stop the brainwash
Microsoft bug may attract big women ?
I'm sitting there thinking -- why would fatties have a thing for Microsoft? Bloated code?
Oh, never mind. Just wanted to blow some karma chunks.
Support a few technologists in Washington.
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
Hmm. I guess I am running Windows version
"A fatal exception 0E has occurred at 0028:C004CDCF in VXD VNTFS(01)+ 0000B897. The current application will be terminated."
My beliefs do not require that you agree with them.
Usul: "Stilgar, do we have worm sign?"
Stilgar: "Usul, we have worm sign the likes of which even God has never seen!"
Well, hey, I didn't spend all those years playing Dungeons and Dragons and not learn a little something about courage.