Slashdot Mirror


Windows Vulnerabilities Revealed, Patched

Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.

6 of 445 comments

  1. winnuke all over again! by sporty · · Score: 5, Interesting
    The vulnerability results because the Windows RPC service does not properly check message inputs under certain circumstances. This particular failure affects an underlying Distributed Component Object Model (DCOM) interface, which listens on TCP/IP port 135.


    Sounds like we'll have winnuke2003 sometime soon. :)

    <disclaimer>I know that winnuke uses OOB data vs this which does something on the application layer. :P</disclaimer>
    --

    -
    ping -f 255.255.255.255 # if only

  2. patch beat slashdot by Anonymous Coward · · Score: 4, Interesting

    I'm just downloading the patch before even reading the Slashdot story. Is Microsoft possibly getting better?

    1. Re:patch beat slashdot by H310iSe · · Score: 4, Interesting

      Yeah, but the post above (linking to technical info on the exploit, but not an actual exploit) was based on a paper from last November. I wonder how long this one has been just under the radar?

      --
      closed minded is as closed minded does

  3. Turnaround time...? by seldolivaw · · Score: 4, Interesting

    Much as I hate to give MS any ground on security, it does seem their lag time between vulnerabilities and patches is getting shorter recently. Amazing what some fear of competition will do :-)

  4. Re:Bad One? by FLoWCTRL · · Score: 5, Interesting

    Yes... and there are probably lots of exploits that never get published, just used. Now do you want your government relying on this software to store data such as the Total Information Awareness Program, for example? (Oh, I see they renamed it...)

    Would you want your business to rely on it? I find it utterly astounding that so many PHBs still think it's a good idea. A German bureaucrat who was pitching open source insightfully quipped, "'Security through obscurity' is the model of yesterday. The model of the future is 'security through transparency'." That's a paraphrase, and I'm too lazy to look it up. Great point, though. Maybe this new vulnerability will lead to another "Slammer" worm...

  5. Buffer Overruns - this sounds familiar by sempai · · Score: 4, Interesting

    The news.com article had one interesting quote that is different from the usual "time-to-patch-again" article, from Jeff Jones at MS:

    "It was primarily a process issue," he said. "We will be updating our automated scanning tool to make sure this type of issue is detected in the future."

    Last week, there were two patches released - both termed "buffer overruns". Nice semantics, because it's not made clear whether one could call this a buffer overflow, or an UNDERflow. It was just two weeks ago when the details about getting Linux to run on the XBox were released, and how the buffer underflow trick was used. Makes me wonder if MS took notice of that trick, and is now busy scanning the rest of their code looking for underflows, as opposed to the overflows they've already had their automated tools earmarking?
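The overflow-versus-underflow question in the comment above, and the advisory wording quoted in comment 1 ("does not properly check message inputs"), are two faces of the same defect: a length field read off the wire that is used in a size computation or a copy before it has been checked against both ends of its valid range. The C program below is an added illustration for this thread, not code from the Microsoft advisory, from the affected DCOM/RPC implementation, or from any poster. It uses a constructed toy wire format (a 16-bit little-endian total-length field inside a 4-byte header, both assumptions made here) to show the naive payload-size computation that wraps to a huge value when the declared length is smaller than the header, next to a checker that rejects underflow, destination overflow and truncated input before any copy happens.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy wire format (an assumption for this example, not DCOM/RPC):
 *   bytes 0..1  total message length, little-endian, counting this 4-byte header
 *   bytes 2..3  message type (ignored here)
 *   bytes 4..   payload
 */
#define HDR_LEN 4u
#define OUT_CAP 16u   /* capacity of the destination buffer the payload is copied into */

enum verdict { MSG_OK = 0, MSG_TRUNCATED, MSG_OVERFLOW, MSG_UNDERFLOW };

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* What a parser that trusts the declared length computes for the payload size.
 * Unsigned subtraction wraps, so a declared total smaller than the header yields
 * a value close to SIZE_MAX: the "underflow" side of a buffer overrun. */
size_t naive_payload_len(uint16_t declared_total) {
    return (size_t)declared_total - HDR_LEN;   /* wraps when declared_total < HDR_LEN */
}

/* Hardened check: validate the declared length against both ends of its valid
 * range before it feeds any arithmetic or memcpy. */
enum verdict check_message(const uint8_t *buf, size_t buflen, size_t out_cap) {
    if (buflen < HDR_LEN) return MSG_TRUNCATED;          /* cannot even read the header */
    uint16_t declared = rd16le(buf);
    if (declared < HDR_LEN) return MSG_UNDERFLOW;        /* declared - HDR_LEN would wrap */
    if ((size_t)declared - HDR_LEN > out_cap) return MSG_OVERFLOW; /* payload exceeds destination */
    if (declared > buflen) return MSG_TRUNCATED;         /* claims more bytes than were received */
    return MSG_OK;
}

/* Copies the payload into out only when every check passes. Returns the verdict
 * and writes the number of payload bytes copied (0 on rejection) to *out_len. */
enum verdict parse_message(const uint8_t *buf, size_t buflen,
                           uint8_t *out, size_t out_cap, size_t *out_len) {
    enum verdict v = check_message(buf, buflen, out_cap);
    *out_len = 0;
    if (v != MSG_OK) return v;
    size_t n = (size_t)rd16le(buf) - HDR_LEN;   /* safe: checked above */
    memcpy(out, buf + HDR_LEN, n);
    *out_len = n;
    return MSG_OK;
}

/* Convenience wrapper: parse into a local OUT_CAP buffer, return bytes accepted. */
size_t parsed_len(const uint8_t *buf, size_t buflen) {
    uint8_t out[OUT_CAP];
    size_t n;
    parse_message(buf, buflen, out, sizeof out, &n);
    return n;
}

/* Constructed sample messages (all 8 bytes long). */
const uint8_t sample_ok[8]        = { 0x08, 0x00, 0x01, 0x00, 'a', 'b', 'c', 'd' }; /* total 8  */
const uint8_t sample_underflow[8] = { 0x02, 0x00, 0x01, 0x00, 'a', 'b', 'c', 'd' }; /* total 2  */
const uint8_t sample_overflow[8]  = { 0x00, 0x01, 0x01, 0x00, 'a', 'b', 'c', 'd' }; /* total 256 */
const uint8_t sample_truncated[8] = { 0x0c, 0x00, 0x01, 0x00, 'a', 'b', 'c', 'd' }; /* total 12 */

static const char *name(enum verdict v) {
    static const char *names[] = { "OK", "TRUNCATED", "OVERFLOW", "UNDERFLOW" };
    return names[v];
}

int main(void) {
    printf("naive payload length for declared total 2: %zu\n", naive_payload_len(2));
    printf("ok:        %s\n", name(check_message(sample_ok, sizeof sample_ok, OUT_CAP)));
    printf("underflow: %s\n", name(check_message(sample_underflow, sizeof sample_underflow, OUT_CAP)));
    printf("overflow:  %s\n", name(check_message(sample_overflow, sizeof sample_overflow, OUT_CAP)));
    printf("truncated: %s\n", name(check_message(sample_truncated, sizeof sample_truncated, OUT_CAP)));
    return 0;
}
```

The order of the checks matters: the underflow test comes first because the subtraction in the overflow test is only meaningful once it cannot wrap, and a scanner that only flags "declared length larger than buffer" misses the first case entirely.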