You have to this week, because of Linux. After Microsoft's weekly publicity blitz on Monday with the IIS bug, Linux fired back with a local root exploit, thus stealing the limelight. Microsoft, which is feeling very threatened by Linux these days, could not let that stand.
The big question is whether or not The Penguin will escalate with another salvo tomorrow. If so, you will have a busy Windows-patching session before the week ends.
Ain't competition great?
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It doesn't look good for OS X
by
teamhasnoi
·
· Score: 5, Funny
Big worms are unusually fond of Apples.
You might want to cover your Macintosh with a thin layer of paraffin, or place it in a plastic bag this week; that should deter any worms.
How to check if you are vulnerable
by
gmuslera
·
· Score: 5, Funny
From the Microsoft security bulletin --------------- How to Check Which Version You Have
If you are unsure whether a product you are running is affected by this issue, check the version.
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running. -------------
If it say "Microsoft " and something else, you are vulnerable.
Re:For the lazy......
by
gordyf
·
· Score: 5, Funny
"It's pretty unlikely any such exploit attempt will get legs."
Worms don't have legs anyway, do they?
Re:There seems to be some discrepency here...
by
blakestah
·
· Score: 5, Informative
No, I think you are missing it.
The article describes a remote root exploit that affects IIS servers.
You are citing an article on a remote root exploit based on a user reading an email or visiting a web site.
Different remote root exploits. The IIS one is expected to be a pain, the email reading/website visiting one is not.
So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.
I was hooked.
"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...
-- Trolling is a art,
Contradictions from the experts
by
dstone
·
· Score: 5, Interesting
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
The Details
by
Anonymous Coward
·
· Score: 5, Informative
Technical details
Technical description:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
Frequently asked questions:
What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.
What is a scripting language?
Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.
In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.
What is a scripting engine?
The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.
What is JScript?
JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).
It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.
What's wrong with the Windows Script Engine for JScript?
There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.
If I am not using Internet Explorer do I need the patch?
Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab
Windows Update not working?
by
mtcrowe
·
· Score: 5, Interesting
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
Slashdot Mirror
Top officials have decided to post it on Slashdot.
webpage
I thought Monday was the official MS patch day? As an MS admin I'm not expected to work two days a week, am I?
I heard he smoked a fool over 20 bucks!
You might want to cover your Macintosh with a thin layer of paraffin, or place it in a plastic bag this week; that should deter any worms.
From the Microsoft security bulletin
---------------
How to Check Which Version You Have
If you are unsure whether a product you are running is affected by this issue, check the version.
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
-------------
If it say "Microsoft " and something else, you are vulnerable.
"It's pretty unlikely any such exploit attempt will get legs."
Worms don't have legs anyway, do they?
No, I think you are missing it.
The article describes a remote root exploit that affects IIS servers.
You are citing an article on a remote root exploit based on a user reading an email or visiting a web site.
Different remote root exploits. The IIS one is expected to be a pain, the email reading/website visiting one is not.
I usually use a thumper to call Shai-Hulud.
Truth suffers from too much analysis.
Ancient Fremen Saying
Microsoft Bug May Attract Big Worm
So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.
I was hooked.
"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...
Trolling is a art,
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Technical details
Technical description:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
Frequently asked questions:
What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.
What is a scripting language?
Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.
In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.
What is a scripting engine?
The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.
What is JScript?
JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).
It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.
What's wrong with the Windows Script Engine for JScript?
There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.
If I am not using Internet Explorer do I need the patch?
Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
Wasn't this story posted last month... And the month before? And the week before that? And the month before...
"compotence" - there is something ironic about spelling this wrong.