Slashdot Mirror


Windows Vulnerabilities Revealed, Patched

Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.

17 of 445 comments

  1. winnuke all over again! by sporty · · Score: 5, Interesting
    The vulnerability results because the Windows RPC service does not properly check message inputs under certain circumstances. This particular failure affects an underlying Distributed Component Object Model (DCOM) interface, which listens on TCP/IP port 135.


    Sounds like we'll have winnuke2003 sometime soon. :)

    <disclaimer>I know that winnuke uses OOB data vs this which does something on the application layer. :P</disclaimer>
    --

    -
    ping -f 255.255.255.255 # if only

  2. patch beat slashdot by Anonymous Coward · · Score: 4, Interesting

    I'm just downloading the patch before reading the Slashdot story even. Microsoft's possibly getting better?

    1. Re:patch beat slashdot by jdennett · · Score: 3, Interesting

      Whereas I read the slashdot story, and then attempted to use Microsoft's software update facility from IE6 to download the patch -- only to be told that my system was up to date. It wasn't, so I downloaded the patch and applied it manually.

      For critical security updates, don't rely on the automatic update tools yet.

    2. Re:patch beat slashdot by H310iSe · · Score: 4, Interesting

      yea, but the post above (linking to technical info on the exploit, but not an actual exploit) was based on a paper from last November. I wonder how long this one has been just under the radar?

      --
      closed minded is as closed minded does
    3. Re:patch beat slashdot by linuxelf · · Score: 2, Interesting

      But, didn't Jim Allchin recently say that they (Microsoft) can't release their source code for many products because it is so bug ridden that releasing it would constitute a national security risk?

      --
      - "That's just the kind of fuzzy-headed liberal thinking that leads to being eaten."
  3. I would patch by Anonymous Coward · · Score: 2, Interesting

    It's a shame. I really like using windows, and I would like to patch my machine, but I don't trust Microsoft anymore. Their 'patches' come with new licensing terms and spyware. :(

  4. Turnaround time...? by seldolivaw · · Score: 4, Interesting

    Much as I hate to give MS any ground on security, it does seem their lag time between vulnerabilities and patches is getting shorter recently. Amazing what some fear of competition will do :-)

  5. WTF? by istartedi · · Score: 3, Interesting

    No Borg icon? No wise cracks? What gives?

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  6. Re:heh by Grishnakh · · Score: 2, Interesting

    Sure, any crackers who aren't living in the US. While the US may think its laws apply to all parts of the globe, there's still places that don't have extradition treaties.

  7. Re:Here we go again by FLoWCTRL · · Score: 2, Interesting

    I really thought that trustworthy computing was starting to live up to its name.

    The motivation behind Trustworthy Computing is all about Digital Rights Management and copyright enforcement - it has little to do with fixing the seemingly infinite number of buffer overflow vulnerabilities that lead to total system compromise in Micro$soft's operating systems.

    Here's some links about it if you want more information.

  8. Re:Bad One? by FLoWCTRL · · Score: 5, Interesting

    Yes... and there are probably lots of exploits that never get published, just used. Now do you want your government relying on this software to store data such as the Total Information Awareness Program, for example? (Oh, I see they renamed it...)

    Would you want your business to rely on it? I find it utterly astounding that so many PHBs still think it's a good idea. A German bureaucrat who was pitching open source insightfully quipped, "'Security through obscurity' is the model of yesterday. The model of the future is 'Security through transparency'". That's a paraphrase, and I'm too lazy to look it up. Great point, though. Maybe this new vulnerability will lead to another "slammer" worm...

  9. I've Got NT Workstation 4.0 by Anonymous Coward · · Score: 2, Interesting
    Microsoft Security Bulletin MS03-023 says just the server versions of NT are affected. I'm home free, safe as a bug in a rug, right? WRONG! NT Workstation is out of support as of June 30. We're on our own! No security warnings from MS. No security patches.

    If they stalled announcing this for a while, that would likely be the number 1 reason -- to give us a reason to buy a newer version of their faulty products. If anyone comes up with a patch, let us know. Of course, copyright owner has absolute control of modifications to his work, so it would be illegal to distribute a patch without their consent. Jeez.

  10. Re:Poll: Tinfoil hat mode ON! by patbob · · Score: 2, Interesting
    [RedHat]33 patches and counting since March 31

    [Windows]18 patches and counting since March 31

    This actually worries me.. about Linux. Not only did MS have fewer patches, but there's more people trying to break MS than Linux out there. Even if one only considers the OS ones, and assumes that all of MS's are OS patches (doubtful) and only 3 of the RedHat ones are OS patches, we still need 6X more people looking for MS holes than Linux ones. That still seems too low a ratio to me.. but what do I know... maybe even the bad guys are switching to Linux :-)

    --
    Welcome to the net of 1000 lies. Upgrades are scheduled soon that should bring us to the 10,000 lies mark.
  11. Buffer Overruns - this sounds familiar by sempai · · Score: 4, Interesting

    The news.com article had one interesting quote that is different than the usual "time-to-patch-again" article, from Jeff Jones at MS:

    "It was primarily a process issue," he said. "We will be updating our automated scanning tool to make sure this type of issue is detected in the future."

    Last week, there were two patches released - both termed "buffer overruns". Nice semantics, because it's not made clear whether one could call this a buffer overflow, or an UNDERflow. It was just two weeks ago when the details about getting Linux to run on the XBox were released, and how the buffer underflow trick was used. Makes me wonder if MS took notice of that trick, and is now busy scanning the rest of their code looking for underflows, as opposed to the overflows they've already had their automated tools earmarking?

  12. Re:An apropos blast from the past by Rob+Simpson · · Score: 2, Interesting

    Hmm...does "Trust" have the same relationship to "trust" as Truth has to the truth?

  13. Re:Props for Microsoft by andreMA · · Score: 2, Interesting
    Is it really Microsoft catching the bugs, or third parties reporting them? I honestly don't know... certainly security-related bugs are often first discovered by outsiders on other platforms -- and I assume that holds true for MS as well.

    Perhaps you meant to say that you were happy that MS was more responsive recently to demonstrated bugs, regardless of who first reported them?

  14. Re: yes... hmmmmmm.. by op51n · · Score: 3, Interesting

    Wonder how much coincidence there is in MS waiting to release this information til after they made their deal?