Slashdot Mirror


Four New Unpatched Windows Vulnerabilities

peeon writes "Right before Christmas, four new Windows NT/2k/XP vulnerabilities were posted to the Bugtraq list. This story discusses two of the vulnerabilities in the LoadImage function (buffer overflow) and Windows Help program (heap overflow), but the Chinese company discovered two more exploits in the parsing of a specially crafted ANI file (causes DoS). A Bugtraq posting has more details."

13 of 273 comments

  1. Forced Upgrade. by datadriven · · Score: 5, Interesting

    Vulnerable:
    Windows NT
    Windows 2000 SP0
    Windows 2000 SP1
    Windows 2000 SP2
    Windows 2000 SP3
    Windows 2000 SP4
    Windows XP SP0
    Windows XP SP1
    Windows 2003
    Not vulnerable:
    Windows XP SP2

    They'll do anything to get you to upgrade.

    1. Re:Forced Upgrade. by mtenhagen · · Score: 2, Interesting

      Just wait until Longhorn comes out. Then XP SP2 will have some exploits as well. This is just a Microsoft conspiracy to make us upgrade. Don't believe the people who claim Microsoft developers spend more time on new features than on creating good code.

  2. Timing of the post by Anonymous Coward · · Score: 1, Interesting

    Could it be these bugs have been published before Christmas on purpose? To allow sysadmins to defend against them over the holidays, when corporate computer use is at a minimum?

  3. Re:another wonderful holiday season by northcat · · Score: 2, Interesting

    RTFA. Exploits have already been released. Exploits are enough.

  4. Don't suppose anyone... by NoMoreNicksLeft · · Score: 2, Interesting

    Knows where a person could find a pre-compiled, local only 2k/XP administrator access binary? Something that would just open a cmd.exe with the correct privileges, to say, install java on Firefox?

    I'm not a script kiddy, just not patient enough to go through the 3 month process of maybe getting it approved to be installed by IT...

  5. Great by Segosa · · Score: 3, Interesting

    Stupid question, but does the LoadImage() one affect images which are viewed in Firefox or Thunderbird?

  6. Re:Bah! by Anonymous Coward · · Score: 1, Interesting

    If I paid thousands for an OS site license, I should not be spending my holidays fixing it.

    Perhaps time to rethink this policy?

    I know, I know. Management says to install it. Some apps only run under Windows. End users are scared of Linux.

    Maybe it's time to rethink working there, or working in that department. Would you work for an employer that made you go through a dark alley to make bank deposits, and every 5th time through you're mugged?

  7. Re:Is it really this hard... by Gopal.V · · Score: 4, Interesting
    Vulnerabilities are not hard to write - they are hard to detect and often easy to fix.

    Most FOSS programs are the result of someone who really wants to write something good. Rarely have I seen someone being forced to write FOSS code to meet a release date schedule or to remain competitive. It's about "It'll be done when it's done", sort of Code Poetry. Most of the code was written to run in a hostile environment where black hats can read the code (like the above piece) and screw everyone who runs bad code. The term security in obscurity as far as coding style does not even enter your mind.

    Also vulnerabilities are easier to find when you have the source - like that professor who set his students to find vulnerabilities in FOSS. Unlike a corporate setup - you have a practically unlimited number of reviewers if your program is popular (and if it is not, a vulnerability is no big deal anyway, right). Also everyone runs a different binary, slightly different from what everyone else runs (security often needs you to recompile stuff with stack canaries)

    So FOSS software evolves (yes, Natural Selection) to avoid these vulnerabilities by dying out or it "adapts" - Someone adds more good ideas and makes it better like.. (s/ideas/genes == Sexual reproduction) . Also the good ones read Wietse's papers.

  8. Re:Bah! by Chandon+Seldon · · Score: 1, Interesting

    You might have had a point 7 years ago when this whole "Windows has a new remote exploit" thing was a little bit more... new and unexpected.

    But in late 2004, with almost 10 years of evidence that running Windows is just asking to be exploited, I find it hard to blame anyone but the users.

    If you were to travel somewhere known for its pickpockets during tourist season and kept $1000 in your wallet in the inside pocket of a loose jacket, I'd blame you (not the pickpocket) when you lost your money. The police there would agree with me. Running Windows on the internet is pretty similar, and should be treated as such.

    --
    -- The act of censorship is always worse than whatever is being censored. Always.
  9. Re:Give this as a gift for the holidays by museumpeace · · Score: 3, Interesting

    I'd suggest either feigning a stroke that has caused you to "forget" everything you ever knew about computers or download the ISO from mepis.org and burn a bunch of live CDs to give out to your clueless friends. My son's old laptop utterly refused to be upgraded to XP and its ME was hosed... it got so bad you couldn't even get a chance to break into the BIOS. I gave him the Mepis CD and just let him fool with it for a while. At breakfast the next morning, he was beaming. He'd figured out how the partition editor worked, wiped the microshit completely off the HD and was enjoying his trip up the KDE learning curve. We have gone from "I think it's a doorstop now" to "it's a little slow opening files and I think we need to find the right driver for my PCMCIA ethernet card".

    Give those friends and relatives an opportunity to experience winning, to experience being just a little bit competent with a computer and there is a chance that they will be both bothering you less and talking to you more intelligently in the future. But for God's sake don't let them leave the room if you have to be in the driver's seat for the repair sessions: make 'em bring you a drink and make them listen and describe in their own words each step you take at the keyboard.

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  10. Re:Give this as a gift for the holidays by MicroBerto · · Score: 2, Interesting
    This has been holiday tradition for me since about 1999.. it's nothing new anymore.

    Problem is that people are starting to bring laptops, family members are starting to have kids, and I'm still just one guy who wants to eat too and drink too much and pass out.

    --
    Berto
  11. Not vulnerable: Windows 98 SE by stankulp · · Score: 2, Interesting

    Now that it takes less than 5 minutes connected to the Internet for a Windows box to be hijacked, I have gone back to dual-booting Linux with Windows 98 SE.

    A lot of Windows viruses simply won't run on it.

    All I need is Office, so it's good enough.

    --
    We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
  12. This is a lie - updates are already available by Anonymous Coward · · Score: 1, Interesting

    Please stop the bs - the updates are already available at MICROSOFT.COM. Go check for yourself.