Slashdot Mirror
Four New Unpatched Windows Vulnerabilities
peeon writes "Right before Christmas, four new Windows NT/2k/XP vulnerabilities were posted to the Bugtraq list. This story discusses two of the vulnerabilities in the LoadImage function (buffer overflow) and Windows Help program (heap overflow), but the Chinese company discovered two more exploits in the parsing of a specially crafted ANI file (causes DoS). A Bugtraq posting has more details."
See, for one of these types of posts to be funny, you can't just pick two previous articles at random and arbitrarily combine them with elements from the current story. The joke actually has to be funny, ironic, or creative in some way for it to be worth anything. I know getting modded Funny is a great ego (although not karma) booster and all, but come on. Show some class.
so it's christmas eve 2004, i'm at the in-laws, just spent 3 hours adawaring, spybotting, esspee2ing from a cd burnt on the latest stage 1. go figure.
30 megs of critical/av signatures to be done over diallup another time
damn you micro$hite
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
Sysadmins should have already fixed this problem. SP2 was available months ago. If you aren't patching your systems when the patches are out then you deserve everything you get.
...and that is all I have to say about that.
http://jessta.id.au
The OS itself should not be shout-down just by an user level privilege rights. If ie6 or any other application causes system crash under non-root privilege level, it is an OS fault, as the OS must guarant interprocess safetyness and security, etc.
Why do they have to release this stuff JUST BEFORE we actually get time off? Are they deliberately being bastards to us Bastards who have to herd Redmondware amongst the other less sucky things?
At least I won't have to spend Christmas removing viruses, trojans and spyware from my Dad's computer. I bought him a Mac. Worth every penny in reduced aggro.
Oolite: Elite-like game. For Mac, Linux and Windows
It has to be a conspiracy. Anyone who claims that this might be a consequence of the year-long security push for SP2 and that a high-level fix made during this push might prevent certain classes of bugs from being exploitable is clearly evil and has been exposed to too much software engineering. I'd suspect such a person of spreading facts instead of FUD.
And if you blindly install new patches on everything without testing them first, you deserve everything you get.
Y'know, you blow up one sun and suddenly everyone expects you to walk on water.
a) Nobody's forcing you to upgrade. I still haven't had Steve Ballmer show up on my doorstep with an Uzi yet.
b) The list you give is mostly patches. There are four base OS' on that list and 6 patches, all of which are free.
c) If it bothers you, feel free to run an unpatched OS of your choice, whether it be Windows, MacOS or one of the many *nix variants.
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
Hi, you've missed the point. I hope you're not trolling, because I'm going to bite.
Every box at my workplace is patched with SP2. In this case, it doesn't matter - one of the exploits is still useable.
The problem is not (this time, thankfully) the corporate enterprise deployment of windows. It's friends and family. Every time a new windows exploit like this comes out, jerk spyware/worm/virus writers are on it within 24 hours, populating their zombie networks with your mom's, friends' and families' computers. Manditory regular patching at work is easy. The same for people you see occaisionally who are not computer literate is not. These are the people who it really screws with - for example, all one of my buddies wants to do with his dell is play games, send email and surf. He knows nothing beyond that, and is certainly not going to run down to the basement on christmas eve to make sure his operating system is secure RIGHT NOW.
This business of "patch or you deserve it" is utter BS. I maintain that virus writers should be dragged into the street and beaten with keyboards, followed shortly by geeks who empower them by putting any of the blame on the end user. If I paid thousands for an OS site license, I should not be spending my holidays fixing it. If I spend hundreds for an oem copy at home, the same applies. The only ones who deserve ANYTHING bad here are the exploiters and the providers of the crappy OS in question.
If you don't have any fancy admin rights, you shouldn't be able to anything in code to crash your machine, regardless of the OS.
One line blog. I hear that they're called Twitters now.
Nice try, but you should check the return code from malloc(). If it is -1 then there is a problem and you don't need to do the If statement. A lot of times the trouble comes not when allocating memory but when using a pointer to WRITE to memory. It's a C programmer trick to set up a pointer to a block of size X and write to it via the pointer, of course if you lose track of the pointer address you can easily go too far. Common errors are off by one in the count, assuming you are writing 8/16/32 bits without checking the underlying data type first,
or just writing to whatever address the pointer says w/o checking that *p > MAX_MEMORY_ADDRESS. These are errors a beginner programmer would make, and from the looks of how common these errors are in Windows that is the type of folks MS uses. It also says to me that they don't use any sort of Automated Code Analysis tools which can catch these sorts of errors. Or maybe they don't do any indpendant QA at all? It's pretty pathetic when the worlds most popular software is made by a company that probably doesn't meet SEI Level 2 criteria. I only wish that the laws allowed someone to sue for lost time/income from the "basic" errors that shouldn't have been present.
The LoadImage API is implemented in kernel-mode for speed so a bug in there can bring down a system.
Windows has been a known security hole for almost 10 years now. Until very recently, you could expect to spend $1000+ on a new computer - that's worth the investment of the amount of time it would take to find out that running Windows is dangerous.
-- The act of censorship is always worse than whatever is being censored. Always.
why in this day and age, 99%-100% of automated exploits still happens to be some kind of overflow. why do we keep thinking that we dont have to check the sizes when moveing data about as its defined by a standard anyways? its like not checking to see if you have room for something in your house or car before buying it at the very least.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Slashdot has made subtle changes to the definitions of Patched and Unpatched.
Patched Open Source: A vulnerability has been identified and someone is thinking about fixing it. Because the time between discovery and fix is vanishingly small, there are no unpatched open source vulnerabilities.
Patched Windows/Proprietary: A patch has been available for not less than 12 months and is installed on not less than 99% of affected systems. It will be several months, if not years, before vulnerabilities fixed by Windows XP SP2 will be considered patched.
For example, they could say, "Click here to download a security update for bug #58273".
You obviously are parrotting the geek mantra and have never used the windows update tool.
Since I started using the windows update, I have always been able to use the custom install option to see what's gonna be downloaded. And to deselect things I don't want. Then maybe that's the problem. If you knew something about computers, you wouldn't be so afraid to venture out of the typical install realm.
humbug?
OH, there's no doubt. The problem is that people (read: INTERNET SERVERS) that are...skiddish of installing patches. They are skiddish because in the past, with NT 4.0 and later 5.0, the system bluescreened after reboot. Just like that time when Billy plugged in a USB printer and the computer bluescreened on him in front of 300 people.
The problem isn't that a "patch is available". It's that "our fucking server didn't come back up in the past, until $1200 and 48 hours later, and as far as we know, no one has broken in just yet so we're going to risk it this time".
Kind of like speeding on the freeway. There's hundreds more sons of bitches, just like you. And the idea is that you'll see them getting pulled over before you are, so you'll have time to reduce your speed (or disconnect your internet connection like Gabe Newell walked around, telling his entire staff when a German kid tiptoed in).
When you are a gazelle, there is safety in numbers.
Or so the theory goes...
Repeat after me: Microsoft still officially supports windows 2000 and other operating systems besides XP SP2, so the vulnerabilities are still unpatched on those OS's
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F