Slashdot Mirror


Windows Vulnerabilities Revealed, Patched

Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.

18 of 445 comments

  1. More info and POC ... by bigjocker · · Score: 5, Informative

    More info here, here and here. Here internetnews.com states that 3 vulnerabilities (not 2) were patched.

    Here is the report from the people who found the vulnerabilities (or at least one of them) which includes a proof-of-concept paper and code.

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    1. Re:More info and POC ... by rritterson · · Score: 3, Informative

      Yes, there was a third vulnerability patched, but it only affected Win9X and not the newer NT kernel OSes.

      --
      -Ryan
      AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
    2. Re:More info and POC ... by jorupp · · Score: 2, Informative

      The 'paper' and 'code' links in the parent post are not to a paper and code that exploit this, they are to the tools they used to write the exploit.

  2. Re:heh by Anonymous Coward · · Score: 1, Informative

    That's from here btw.

  3. Last Stage of Delirium Research Group by Peter_Pork · · Score: 2, Informative

    The guys that found this vulnerability have an amusing web site. It looks rather professional for the underground (?) community. I bet they wear white coats while they hack.

  4. Technet article by Anonymous Coward · · Score: 2, Informative
  5. An apropos blast from the past by sigelman · · Score: 4, Informative
    From: Bill Gates
    Sent: Tuesday, January 15, 2002 5:22 PM
    To: Microsoft and Subsidiaries: All FTE
    Subject: Trustworthy computing

    "Every few years I have sent out a memo talking about the highest priority for Microsoft. Two years ago, it was the kickoff of our .NET strategy. Before that, it was several memos about the importance of the Internet to our future and the ways we could make the Internet truly useful for people. Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work. If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing."

    They are right to attribute such great importance to trustworthy systems -- and I do believe they are trying -- but 30,000,000 lines of code necessarily lead to opaque semantics. Good luck, MS, I think this will be one of many such deficiencies in Server 2003. Repeated claims of security and "trustworthiness" from their higher-ups will place the company in a boy-who-cried-wolf marketing scenario; at that point they're up a creek.

  6. Well that's better than... by Anonymous Coward · · Score: 0, Informative

    Creating brand new bugs with every "stable" Linux kernel release! Anyone even LOOK at the issues lists for releases or pay attention to the kernel mailing list? If the contents of those "documents" were made public, Linux would lose every corporate/government contract they had! The file system/hardware/security bugs that get INTRODUCED as well as patched with each version are frightening.

    This article is so completely pot/kettle/black that most regulars here should be getting pretty tired of it by now.

  7. Re:Bad One? by Anonymous Coward · · Score: 2, Informative

    Let me give you a hint: the "bad guy database" isn't connected to the outside world. The only way to get at that (whatever you were referring to) is to have an account on that network, and the right passes and codes to get into the building where it's stored. That's standard operating procedure for many, many secure systems, and I'm sure the US gov isn't any different :).

  8. Re:nt4 by PDHoss · · Score: 4, Informative

    weird, I just patched this very bug for NT4 from Windows Update. YMMV, I guess.

    --
    ======================================
    Writers get in shape by pumping irony.
  9. Re:heh by UnrefinedLayman · · Score: 5, Informative

    The point is this is a remotely exploitable system level hole.

    It's important to note that the system account is god in Windows -- even Administrator has less power than system.

  10. Re:Poll: Tinfoil hat mode ON! by Anonymous Coward · · Score: 1, Informative

    Could not check the MS one but I am guessing more than 3 of them were OS level patches since there were three just today.

    I don't see how, they all related to subsystems outside of the kernel.

  11. Re:heh by epiphani · · Score: 4, Informative

    This patch that was released - well, I installed it on my home machines today. It screwed up my OpenGL libraries. Considering it should have absolutely nothing to do with OpenGL, Microsoft's patches are making me EXTREMELY nervous.

    --
    .
  12. Re:Poll: Tinfoil hat mode ON! by the+eric+conspiracy · · Score: 4, Informative

    Saying Apache doesn't count, but IIS does is not comparing correctly. One reason MS appears to have so many more bugs is that their OS includes a lot more components that are thought of as part of the OS.

    Actually it is comparing correctly because of the way the different systems are architected.

    Apache is usually run in userland with limited privileges on a Unix machine while IIS.sys is a kernel mode device driver on a Windows machine. The result is a compromise in IIS presents a system wide security issue while a similar security issue in Apache only represents a user level security issue.

    This sort of thing is very common in comparing Windows vs Unix/Linux security. The Windows code runs with admin level access or as part of the kernel, while the Linux application runs with much more restricted access.

  13. Re:patch beat slashdot by Anonymous Coward · · Score: 2, Informative

    That's not true. Most Open Source projects maintain private channels for security issues and don't disclose the bug until it's fixed. This includes Linux-Kernel, Apache, Mozilla, and so on.

  14. Didnt take long... by angst7 · · Score: 4, Informative

    I checked my incoming logs and am already seeing quite a few more tickles at port 135 than usual. Where from, you ask? Somewhere in China mostly.. IPs in the range 218.15.192.xxx coming from somewhere beyond blahblah.gd.cn.net. Here's one of the IPs (it's a phony drug sales place) 218.15.192.84... nice little e-com site :)

    Ugh, isn't the net fun?

    --
    StrategyTalk.com, PC Game Forums
  15. Ahhhh, This explains it by l0ungeb0y · · Score: 4, Informative

    I've been seeing overflows run against port 135 on my home network for awhile now. Typically, these requests seem to come from Korea. Fortunately, my PC never had that port open anyway, and port 135 is Samba on my Mac, but that is not affected by this exploit, though Linux had a Samba BO exploit a couple months back as I recall.

    So, it may be very possible this sploit has been around for some time now.

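    The two comments above both describe the same thing: firewall logs showing a rise in connection attempts to TCP port 135, the RPC endpoint mapper through which the DCOM flaw in the story is reached, with the hits clustering in one source /24. The script below is an added example (editor's code, not from the posters or from Slashdot) of how to pull that signal out of a log file: it parses iptables-style DROP lines, keeps only external sources probing the DCOM-related TCP ports that Microsoft's advisory recommends blocking at the perimeter (135, 139, 445, 593), groups them by /24, and flags any source that touched more than one internal host, which is what a sweep looks like. The log lines, addresses (apart from 218.15.192.84, quoted from the comment) and the internal ranges are constructed for the example.

```python
"""Spot a port-135 / DCOM sweep in firewall DROP logs (added example)."""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Ports the MS03-026 advisory tells you to block at the perimeter for DCOM/RPC.
DCOM_PORTS = {135, 139, 445, 593}

# Assumed internal ranges; adjust to the site. RFC 1918 is used here as an example.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Minimal iptables LOG-target pattern: SRC, DST, PROTO and DPT in that order.
LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?PROTO=(?P<proto>\w+).*?DPT=(?P<dpt>\d+)"
)

# Constructed sample log (hypothetical gateway "gw"; 192.0.2.0/24 plays the DMZ).
SAMPLE_LOG = """\
Jul 17 01:02:03 gw kernel: DROP IN=eth0 SRC=218.15.192.84 DST=192.0.2.10 PROTO=TCP SPT=3391 DPT=135 SYN
Jul 17 01:02:04 gw kernel: DROP IN=eth0 SRC=218.15.192.84 DST=192.0.2.11 PROTO=TCP SPT=3392 DPT=135 SYN
Jul 17 01:02:05 gw kernel: DROP IN=eth0 SRC=218.15.192.84 DST=192.0.2.12 PROTO=TCP SPT=3393 DPT=135 SYN
Jul 17 01:02:09 gw kernel: DROP IN=eth0 SRC=218.15.192.131 DST=192.0.2.10 PROTO=TCP SPT=4450 DPT=135 SYN
Jul 17 01:03:00 gw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=80 SYN
Jul 17 01:03:01 gw kernel: DROP IN=eth0 SRC=192.168.1.5 DST=192.0.2.10 PROTO=TCP SPT=1025 DPT=135 SYN
Jul 17 01:03:02 gw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=135
"""


def parse_log(text):
    """Return one dict per parseable line: src, dst, proto, dpt."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append({"src": m["src"], "dst": m["dst"],
                           "proto": m["proto"], "dpt": int(m["dpt"])})
    return events


def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL)


def dcom_probes(events):
    """Map each external source to the set of internal hosts it hit on a DCOM TCP port."""
    targets = defaultdict(set)
    for e in events:
        if e["proto"] == "TCP" and e["dpt"] in DCOM_PORTS and not is_internal(e["src"]):
            targets[e["src"]].add(e["dst"])
    return targets


def probes_by_net(targets, prefix=24):
    """Aggregate probe counts per source /prefix, the 'xxx' range the comment noticed."""
    per_net = Counter()
    for src, dsts in targets.items():
        per_net[str(ip_network(f"{src}/{prefix}", strict=False))] += len(dsts)
    return per_net


def flag_scanners(targets, min_hosts=2):
    """A source that touched min_hosts or more distinct internal hosts is sweeping."""
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_hosts)


if __name__ == "__main__":
    t = dcom_probes(parse_log(SAMPLE_LOG))
    for net, n in probes_by_net(t).most_common():
        print(f"{net}: {n} probes")
    print("sweeping sources:", flag_scanners(t))
```

    Run it against a real `/var/log/messages` by replacing `SAMPLE_LOG` with the file contents; the UDP and internal-source lines in the sample are there to show that the filter ignores them, since a single UDP 135 packet or a LAN host looking up the endpoint mapper is not what the comments are describing.
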
  16. Re:heh by Anonymous Coward · · Score: 1, Informative

    C2 for NT was achieved on a machine minus CD drive and NIC card. (bet that's a machine we all want)

    C2 is no longer used by the govt. It's been replaced by something called Common Criteria which Red Hat has obtained.