Latest SP2 News
Xformer writes "It seems that SP2 for Windows XP isn't as secure as Microsoft touts it to be. Heise Security has uncovered two flaws in SP2's bolstered security measures, both of which may be used to get around the new trusted/untrusted executable origin checks. Of course, who would be surprised by this?" Reader EtherNetFreak writes "Well, it appears that at least one hotfix is already available to fix yet another bug in Windows XP, post-SP2 application." Reader Finalnight writes "'Microsoft Corp. yesterday delayed yet again its oft-delayed Windows XP Service Pack 2, this time postponing the patch's distribution through the company's Automatic Update service.'"
No.
The attack vectors described are:
and (in an email)
Neither seems likely to be able to self-replicate without user intervention. So no worm then.
My pics.
Actually, it's not available through Windows Update OR Automatic Update (yet). It's only available as a direct download from here
The Sendmail issue you speak of was related to MS^T^TSCO's version of sendmail...
By SearchSecurity.com staff
02 Aug 2004 | SearchSecurity.com
SCO fixes two critical flaws in Sendmail
The SCO Group of Lindon, Utah has issued a fix for two old vulnerabilities in Sendmail that malicious people could use to launch a denial-of-service attack or compromise a vulnerable system. IT security firm Secunia of Copenhagen, Denmark calls the flaws "extremely critical." The first problem can be exploited to cause a denial-of-service attack and could allow a remote attacker to execute arbitrary code with the privileges of the Sendmail daemon, typically root, according to SCO's advisory. The second problem is in the prescan function in Sendmail 8.12.9, which allows remote attackers to execute arbitrary code via buffer overflow attacks. The vulnerabilities affect OpenServer 5.0.6 and 5.0.7. SCO recommends that users install the latest packages.
What you do when you want a large system to be secure:
You implement a very small "core" or "security kernel" or "call it what you like". It is called a "reference monitor" in TCSEC. It is a piece of code that will be asked "can subject X do operation Y on object Z", whenever a user or program attempts any operation on any object (like a file or a network connection). This piece of code is so small and simple that you can inspect it and possibly even formally *prove* it to be correct.
The operating system kernel will then guarantee that the reference monitor is consulted on all such operations. This is, after all, what operating system kernels do, among other things.
Now, you can write a simple security policy for each subsystem in your operating system. One policy for your browser, one for your word processor, one for your regular secretaries, one for your accountants, etc. (a real OS with these features will of course have the majority of all policies set up and ready by default).
The system will now enforce the security policies on everything that goes on in the system. Because the OS is enforcing these policies, and because the subsystems cannot magically change the security policies set up for them, this is called "Mandatory Access Control", or MAC for short.
MAC ensures that a bug in, say, your browser cannot be exploited to, say, go through your documents and harvest e-mail addresses, simply because the system policy does not allow a browser with internet access to access local documents. Just an example.
This is how secure systems are built. This is what SELinux is trying to do, and this is what Trusted Solaris has done for a while. This is what is required if you want a TCSEC certification in the B (or A) class, not the kindergarten-security of the C class.
Or, under the Common Criteria, this is what you need to get certification against the LSPP (as Trusted Solaris has), instead of the kindergarten-security CAPP (as Win2000 can have in certain restricted setups), or even the home-grown "security targets" (which SuSE got).
This is old and well known technology. Too bad big businesses and governments never put pressure on the vendors to actually have real security built in.
Good to see SELinux coming along nicely, and Sun moving Trusted Solaris features into Solaris 10.
All is not lost - but trust me, they will be selling snow-cones in hell before you see MAC in Windows.
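The reference-monitor arrangement described in the post above, modelled as an added Python example (it is not code from the post, from SELinux or from Trusted Solaris). The domain names, type labels, file labels and allow rules are made up for illustration in the spirit of SELinux type enforcement; the owner/mode check is included only to show that a discretionary permission the file's owner already has does not get a process past the mandatory policy, and that root is not special under it.

```python
# Toy model of the design sketched above: the kernel labels every object with
# a type, each process runs in a domain, and a small reference monitor is
# asked "may domain D do operation OP on an object of type T?" before any
# access. The default answer is "no"; only explicit allow rules grant access,
# and a running subject has no interface for changing the rules, which is
# what makes the control mandatory rather than discretionary.
# All labels, domains and rules below are constructed for this example.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Allow:
    """One type-enforcement rule: domain may perform perms on obj_type."""
    domain: str
    obj_type: str
    perms: FrozenSet[str]


class ReferenceMonitor:
    """Small, inspectable decision function: deny unless some rule allows."""

    def __init__(self, rules: Tuple[Allow, ...]) -> None:
        self._rules = rules          # fixed at policy load; no mutator exists
        self.audit: List[Tuple[str, str, str, str]] = []

    def decide(self, domain: str, op: str, obj_type: str) -> bool:
        granted = any(
            r.domain == domain and r.obj_type == obj_type and op in r.perms
            for r in self._rules
        )
        self.audit.append((domain, op, obj_type, "granted" if granted else "denied"))
        return granted


def dac_allows(uid: int, owner: int, mode: int, want_write: bool) -> bool:
    """Classic discretionary owner/mode check (group bits ignored for brevity)."""
    if uid == owner:
        return True
    return bool(mode & (0o002 if want_write else 0o004))


class Kernel:
    """Labels objects and guarantees the monitor is consulted on every op."""

    def __init__(self, monitor: ReferenceMonitor,
                 labels: Dict[str, Tuple[str, int, int]]) -> None:
        self._monitor = monitor
        self._labels = labels        # object -> (type label, owner uid, mode)

    def op(self, domain: str, uid: int, op: str, obj: str) -> bool:
        obj_type, owner, mode = self._labels.get(obj, ("unlabeled_t", 0, 0o000))
        # DAC first, then MAC: both must pass, and passing DAC never bypasses MAC.
        if not dac_allows(uid, owner, mode, want_write=(op == "write")):
            raise PermissionError(f"DAC: uid {uid} may not {op} {obj}")
        if not self._monitor.decide(domain, op, obj_type):
            raise PermissionError(f"MAC: {domain} may not {op} {obj} ({obj_type})")
        return True


ALICE = 1000
POLICY = (
    Allow("browser_t", "http_port_t", frozenset({"connect"})),
    Allow("browser_t", "browser_cache_t", frozenset({"read", "write"})),
    Allow("wordproc_t", "user_doc_t", frozenset({"read", "write"})),
    # Note: no domain is allowed to touch policy_t at all.
)
LABELS = {
    "tcp:80": ("http_port_t", 0, 0o666),
    "/home/alice/.cache/browser": ("browser_cache_t", ALICE, 0o600),
    "/home/alice/Documents/contacts.txt": ("user_doc_t", ALICE, 0o600),
    "/etc/selinux/policy": ("policy_t", 0, 0o644),
}


def run_scenario() -> Dict[str, str]:
    """Drive a few requests through the kernel and report each outcome."""
    kernel = Kernel(ReferenceMonitor(POLICY), LABELS)
    requests = [
        ("browser_t", ALICE, "connect", "tcp:80"),
        ("browser_t", ALICE, "read", "/home/alice/Documents/contacts.txt"),
        ("browser_t", 0, "write", "/etc/selinux/policy"),       # even as root
        ("wordproc_t", ALICE, "read", "/home/alice/Documents/contacts.txt"),
        ("wordproc_t", ALICE, "connect", "tcp:80"),
    ]
    results: Dict[str, str] = {}
    for domain, uid, op, obj in requests:
        try:
            kernel.op(domain, uid, op, obj)
            results[f"{domain} {op} {obj}"] = "granted"
        except PermissionError as exc:
            results[f"{domain} {op} {obj}"] = "denied by " + str(exc).split(":")[0]
    return results


if __name__ == "__main__":
    for request, outcome in run_scenario().items():
        print(f"{outcome:14} {request}")
```

The browser reading contacts.txt is exactly the case the post uses: Alice owns the file, so the discretionary check passes, and only the mandatory policy stops the compromised browser. The write to the policy file is refused even for uid 0, because the monitor knows nothing about "root", only about domains and types, and no rule grants any domain access to policy_t.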