New Windows Vulnerability in Help System
wesleyt writes "CERT announced today a significant Microsoft Windows vulnerability related to IE and its handling of the Windows help subsystem. There are currently no patches available and no virus definitions for the major scanners. As well, exploits have been reported in the wild. Because the vulnerability is in the help subsystem, even users who avoid Outlook and IE are vulnerable, since IE is the default handler for help files. It seems that this is going to be an ugly one."
I am sure the major virus scanners will have it before anything "really" bad happens.. this isn't anything special.. move along
"could allow an attacker to execute arbitrary code with the privileges of the user running IE" This is why you run as a restricted user rather than administrator or power user. Restricted users don't have write or modify permissions to the WINNT or Program Files directories or subdirectories. And they certainly don't have permission to screw with the registry.
Now would be a very good time to start the clocks to see how long it takes them to get a patch out. Should be a good case in point for the Forrester research published last week. rd
... that not publishing vulnerabilities doesn't stop exploits. This one had exploits long before the vulnerability was known to anyone but the hackers. I have to laugh every time MS whines about how problems would go away if vulnerabilities were never disclosed, except to the vendor of course. The only thing that might go away is the bad PR, if even that.
At the risk of replying to a Microsoft troll, this is not a "pretty insignificant" story.
Errors in server-side applications are rapidly fixed by serious system administrators and at the worst they provide attackers a way into unprotected systems. How many computers around the world are currently infected or zombied thanks to holes in any of the programs you cited? Almost zero.
Security holes in client-side applications (MSIE, Outlook, primarily) are a totally different story. These programs are mainly used by people who don't have the capacity to protect their systems. And the results are clear: millions of PCs infected by everything from viruses to worms and spyware, used as platforms to launch DDoS attacks, to send spam, to steal information...
There is a real security problem on the Internet, one that is making a joke of the "information highway", and it's almost entirely caused by vulnerabilities like the one reported here.
Until the market leader realizes that its users need serious protection from the malicious forces who roam the Internet, no amount of criticism is too much. And, if you really want to support and defend Microsoft, you should be adding your voice, because it is this issue - its failure to provide its users with a safe platform - which will be its downfall.
"Microsoft = insecure" is an association that should be sending shivers down the backs of those marketing managers trying to bomb the web with billions of Microsoft adverts.
This is not a signature
Taken from Sophos....
http://www.sophos.com/virusinfo/analyses/index_
Description: Macintosh file virus
666, see Mac/Sevendust-A
ANTI-A, see Mac/ANTI-A
CDEF, see Mac/CDEF
CODE-1, see Mac/CODE-1
CODE-252, see Mac/CODE-252
CODE-9811, see Mac/CODE-9811
ERIC, see Mac/Scores
Garfield, see Mac/MDEF-A
Graphics Accelerator, see Mac/SevenD-Fam
INIT-1984, see Mac/INIT-1984
INIT-29, see Mac/INIT-29
INIT-9403, see Mac/INIT-9403
INIT-M, see Mac/INIT-M
MBDF-A, see Mac/MBDF-A
MBDF-B, see Mac/MBDF-B
MDEF 666, see Mac/Sevendust-A
MDEF 9806, see Mac/Sevendust-A
MDEF-A, see Mac/MDEF-A
NASA VULT, see Mac/Scores
nVIR-A, see Mac/nVIR-A
nVIR-B, see Mac/nVIR-B
nVIR-Fam, see Mac/nVIR-Fam
San Jose Flu, see Mac/Scores
Scores, see Mac/Scores
SevenD-C, see Mac/SevenD-C
SevenD-D, see Mac/SevenD-D
SevenD-Fam, see Mac/SevenD-Fam
Sevendust-A, see Mac/Sevendust-A
Sevendust-B, see Mac/Sevendust-B
Sevendust-J, see Mac/Sevendust-J
SysX, see Mac/INIT-9403
T4, see Mac/T4
WDEF, see Mac/WDEF
ZUC-A, see Mac/ZUC-A
Sounds like the lynx browser (or links, w3m, etc.) is right up your alley. Lots of other people who share your distaste for browser bloat do. Microsoft doesn't really care too much about those people who say "Ugh, Microsoft IE sucks! Oh, yeah, I still use it though". It's only when people say "IE sucks, that's why I use [whatever] instead" that they'll pay attention.
Funnel your enthusiasm into trying some different browsers that fit your needs. Donate some time or money, maybe, to an open source browser you do like.
At this point, though, an "IE is lame" post doesn't really contribute much to the discussion. Or have I been trolled?
INIT, MDEF, ANTI-A... wow, that's a blast from the past...
I remember wiping some of these off of floppies... back when I even owned floppies.
That's not the point. MS has tried to lead the public to believe that there's never been an instance of exploit code before their patch. And obviously if there's exploit code out there, something already "really bad" has happened. This comes after the Witty worm spread before ISS had patches for their products.
On a related note, MS pretty much NEVER releases advisories of its own will before a patch. There almost always has to be a third party that has said they are going to go public, or there have to be exploits or information in the wild. With that information, I wonder if this exploit is related to the Windows source leak. The source leak had a lot of IE code, and if there are exploits in the wild before MS could even send out an advisory, that would lead me to the possibility that the Windows source leak could be the source of this one.
Why did you make it so bloody difficult to switch off HTML content in received email text? At best, it meant bandwidth-guzzling spam; at worst, viruses you didn't even have to open to catch..
As to browser/plug-in vulnerabilities, it may never be possible to eliminate them all; there are just too many niches for a virus to gain a foothold.
"You lied to me! There is a Swansea!"
I don't know about that specific vulnerability, but I always suspected something fishy about the chm files. They can run JavaScript and whatever else you compile into them with full user privilege. Yes, I write chm files. I think a workaround is to disable JavaScript and other scripting at the local intranet security level in IE options.
The 'Mac is invincible' mentality just means a well crafted mac virus will do even more damage.
How many Mac owners have AV software that is up to date?
The other day my boss called me over to check out a suspicious-looking email that had made its way past SpamAssassin. It rendered blank, but looking at the raw message code revealed it was using just this kind of exploit (with a <FORM> to obfuscate what was really happening).
My boss' account has Restricted User privileges, with Eudora as the MUA and Mozilla as the browser, so no panic, but the fact that spammers are already using this is scary.
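One way a mail gateway could flag this kind of message, as an added example that is not part of the original thread: a heuristic scan of a raw message's HTML parts for references to the Windows Help protocol (ms-its:) or compiled help (.chm) files, including inside a FORM. The sample message, addresses and host names below are constructed placeholders.

```python
import email
import re
from email import policy

# Heuristic indicators (assumptions, not vendor signatures): references to the
# Windows Help protocol or to compiled help files inside an HTML mail body.
HELP_INDICATORS = {
    "ms-its-url": re.compile(r"ms-its:", re.I),
    "chm-file": re.compile(r"\.chm\b", re.I),
}
FORM_WITH_HELP_URL = re.compile(r"<form[^>]*ms-its:", re.I | re.S)

def html_parts(raw_message: str):
    """Yield decoded text/html bodies from a raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_content()

def scan_message(raw_message: str):
    """Return the sorted indicator names found in the message's HTML parts.

    HTML comments are stripped first so an indicator hidden or split by
    comments (one way a blank-rendering body can be obfuscated) still matches.
    """
    hits = set()
    for body in html_parts(raw_message):
        stripped = re.sub(r"<!--.*?-->", "", body, flags=re.S)
        for name, pattern in HELP_INDICATORS.items():
            if pattern.search(stripped):
                hits.add(name)
        # A form whose markup points at a help-protocol target is the pattern
        # described in the comment above; record it as its own indicator.
        if FORM_WITH_HELP_URL.search(stripped):
            hits.add("form-with-ms-its")
    return sorted(hits)

# Constructed sample: a multipart message whose HTML part renders blank but
# carries a FORM pointing at a help-protocol URL on a placeholder host.
SAMPLE = (
    "From: sender@example.invalid\nTo: boss@example.invalid\nSubject: hello\n"
    "MIME-Version: 1.0\nContent-Type: multipart/alternative; boundary=\"b1\"\n\n"
    "--b1\nContent-Type: text/plain\n\n(empty)\n"
    "--b1\nContent-Type: text/html\n\n"
    "<html><body><!-- nothing to see --><form "
    "action=\"ms-its://placeholder.invalid/sample.chm\"></form></body></html>\n"
    "--b1--\n"
)
BENIGN = "From: a@example.invalid\nContent-Type: text/html\n\n<p>Hi there</p>\n"

if __name__ == "__main__":
    print(scan_message(SAMPLE))   # ['chm-file', 'form-with-ms-its', 'ms-its-url']
    print(scan_message(BENIGN))   # []
```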
How many Mac owners have AV software that is up to date?
Almost none - reason being that all those viruses (virii) mentioned at Sophos (Sophie) are from the '80s (80uses). This is the first 'exploit' on OS X, and it was just mentioned yesterday. What would Anti-Virus for the Mac have mentioned in their definitions last week?
"Virus definitions:
"
Additionally, since all ports are closed by default, and it takes an Administrator password to open any, and it takes an Administrator password to install any applications, and users are not root, there's a limited amount that a virus could do.
-T
Well, it's a little more complicated than just "unbundling and removing" IE in this situation. I'd consider the Help system critical for system functioning for lots of users. It'd be totally inexcusable for Windows to not come with any Help just for the sake of deintegration. If they unbundled IE, they'd just have to write *another* HTML rendering engine and associated parts to handle the Help files. It'd probably be more buggy and even less standards-compliant.
On a side note, KDE does the same thing. I can open an "ms-its://" URL to view .chm help files. If a bug was discovered in Konqueror's handling of ms-its URLs that resulted in a security hole, would there be anyone claiming Konqueror shouldn't be part of KDE?
Karma: Contrapositive
Hello? Oh, hi mom. Yeah, I can help you install a program on your computer. What do you want to install? Oh, cool. Have you downloaded it?
Okay, hang on for a moment.
$ ssh moms.computer.net
It'll be done in just a sec, Mom!
I always get the shakes before a drop.
If they unbundled IE, they'd just have to write *another* HTML rendering engine and associated parts to handle the Help files. It'd probably be more buggy and even less standards-compliant.
If they unbundled IE, why the hell wouldn't the help files simply use the designated default browser??
"I'm not a procrastinator, I'm temporally challenged"
Windows has this reputation for "it just works!".
Yet the parent's post clearly shows that if you actually have to change anything fundamental, such as Services or Registry cleanups, it's a total fucking nightmare.
No wonder Windows admins get nervous, and sometimes run away screaming from changing Exchange configs, secure file sharing across networks, and nearly daily virus updates.
Am I forgetting anything?