Slashdot Mirror


3 New Windows Security Problems Found

DotNM writes "USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product. It describes the issues and urges users not to download .hlp files from email attachments. Apparently there are issues, even for a Windows XP system patched with Service Pack Two."

43 of 190 comments

  1. In other Words by Prince+Vegeta+SSJ4 · · Score: 4, Funny

    Merry X-Mas from your friends in Redmond! Geez do they even search for flaws on their own?

    1. Re:In other Words by DanielJosphXhan · · Score: 2, Funny

      Wow, I've gotten everything I wanted for Christmas now, except maybe a home invasion, or rape or something.

      --
      [ think ]
    2. Re:In other Words by upsidedown_duck · · Score: 4, Funny

      Geez do they even search for flaws on their own?

      I'm sure Microsoft has an internal issue tracking system. Actually, I'd bet that's what motivated them for putting 64-bit support in Windows!

      --
      -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
    3. Re:In other Words by flatface · · Score: 2, Insightful

      Why would anyone -want- a home invasion or rape? If you want it, then it's not invasion or rape.

  2. Breaking news from the Sahara desert! by Ligur · · Score: 5, Funny

    Millions of grains of sand found!

    --
    Smoke me a kipper, I'll be back for breakfast.
  3. Blah blah blah. by jamesgray · · Score: 4, Funny

    "Microsoft Corporation's popular Windows desktop operating system product."
    What? Is there a minimum number of characters for a /. headline?
    Ha.

    1. Re:Blah blah blah. by mattdm · · Score: 5, Funny


      "Microsoft Corporation's popular Windows desktop operating system product."
      What? Is there a minimum number of characters for a /. headline?


      Look, not everybody instantly recognizes the names of every random computer program in existence. There's millions of 'em out there, and, especially for this one with its generic and not-very-descriptive name, it's good to provide some context. Sure, you might be a Microsoft Windows expert, but not everyone here is, y'know? How would you like it if there were a story about something called "Linux" without explaining what that was?

  4. ANI... by Stile+65 · · Score: 5, Informative

    According to a report on eWeek.com, one of the three vulnerabilities involves image handling, which has posed problems for Windows and Unix systems in the past. The other two vulnerabilities involve Windows' Help system and its .hlp files, and Windows' ANI (Automatic Number Identification) authentication capabilities.

    That's what ANI is in the context of telephone networks. In the context of a Windows system, it's an animated mouse cursor.

    Besides, these vulnerabilities were announced yesterday morning on Slashdot!

    --
    I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
    1. Re:ANI... by the+unbeliever · · Score: 3, Informative

      When in the case of Windows NT/2k/2k3 server, ANI authentication also means the number(s) that people are allowed to dial in remotely from, so the article text is correct.

    2. Re:ANI... by Stile+65 · · Score: 2, Insightful

      If you look at the actual vulnerability, the problem is when a frame number in an animated cursor file is set to zero. Therefore, the article is still wrong.

      --
      I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
  5. Re:OMG, an OS with security issues... by Rosco+P.+Coltrane · · Score: 2, Funny

    Can someone show me the way to an OS with no security issues, please?

    Do FORMAT C: /S /Y then reboot. Voilà! No more virus or worm.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  6. 3 New Windows Security Problems Found... by Anonymous Coward · · Score: 5, Funny

    ...two turtle doves and a partridge in a pear tree!

  7. "Issues"? by John+Hasler · · Score: 4, Insightful

    > Apparently there are issues...

    What has become of the word "problem"? "Issue" is marketdroid-speak.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:"Issues"? by glomph · · Score: 2, Interesting

      Microsoft degrades technology, the concept of business fairplay, and The English Language, too.

  8. Re:OMG, an OS with security issues... by JustinXB · · Score: 2, Funny

    Human 1.0 has no known security issues. Isn't always too stable, however. And, like always, it can depend on the administrator.

  9. Surprise, Surprise... by NotTheEgg · · Score: 3, Funny

    Apparently there are issues, even for a Windows XP system patched with Service Pack Two.

    *Gasp* Oh my god! Not SERVICE PACK 2, the horror ...

    1. Re:Surprise, Surprise... by IdleTime · · Score: 2, Insightful

      You seem to be a bit out of touch with reality....

      The average user has no clue that they should not open attachments. The average user doesn't read media that warns about not opening attachments. They watch Desperate Housewives and Biker Build-off and Cops and America's Funniest Videos.

      Don't for one second think that the average user has any clue about what to do or not do in Windows or any other OS for that matter.

      --
      If you mod me down, I *will* introduce you to my sister!
  10. to HTML, or not to HTML? by Gaima · · Score: 5, Funny
    Users are urged to ... and strongly encouraged to read e-mail in plain-text format to keep malicious images from utilizing LoadImage.

    ....

    Sign up to receive our free Tech e-newsletter and get the latest tech news, Hot Sites & more in your inbox.

    E-mail:

    Select one: HTML [x] Text [ ]


    err....?

  11. Tantamount to suicide by Sensible+Clod · · Score: 2, Interesting

    Every time new vulnerabilities are announced, they say, "don't do this, don't download that, don't use this or that program/feature/bug". Enough of this has gone on that every program that was of any use in Windows is now unusable for fear of remaining undiscovered holes/patches that didn't take.

    Let's now compile a list of these to give to people in order to convince them to switch to Linux. Meanwhile, so much functionality has been rendered unusable that when the next hole is found, they'll have to tell people not to use Windows at all ;-)

    Hey, I can dream, can't I?

    --

    The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
  12. News flash by SQLz · · Score: 3, Insightful
    ....even for a Windows XP system patched with Service Pack Two.

    Hey, let me give you all a tip.....even if the future service packs for XP reach version 10, it will always be insecure and full of critical issues that are discovered by people other than Microsoft.

    At least with Linux, the community usually discovers them first and before the problem is made public there is already a patch available. Now, these poor saps with Windows machines will probably have to wait weeks for a patch. Meanwhile, their machines are being zombified as I type and turned into spam gateways.

    1. Re:News flash by skinfitz · · Score: 2, Insightful

      ANYONE can make OSS, release it, and have 10k+ security holes in it.

      ...and therein lies a weakness. Sure if you take a major project like Apache or MySQL then they will be scrutinised very carefully, however one could also argue that this increases risk as a skilled hax0r could spot a potential exploit in a way they couldn't with closed source (which, I will wager is what happened with Santy). There are (obviously) arguments for and against closed / open source, however if I may remind you of your own comment:

      At least with Linux, the community usually discovers them first and before the problem is made public there is already a patch available.

      And we compare this to the Santy situation, sure - there was a patch and workaround issued quickly, however 670,000+ sites still got compromised; it doesn't matter how quickly a patch is issued - once a fast spreading worm is in the wild the only thing that is a working defence is good basic security principles, such as you already mentioned, setting correct file permissions. If a worm can cover the planet in 15 minutes you ain't going to be hearing about the exploit and patching your box in that time. We humans are simply too slow. There is no substitute for a skilled admin. As you say, the code is only as good as the coders, and if that code isn't being checked by anyone who is skilled enough to spot these problems and it's just so damn useful (i.e. phpBB) that it becomes popular and therefore gets installed by lots of people who don't apply basic security principles then we have all of the ingredients for a potentially serious problem.

      I'm not having a go at you here, I'm merely pointing out that it is unwise to be lulled into a false sense of security just because one uses OSS.

    2. Re:News flash by SQLz · · Score: 2, Insightful

      The same can be said?? What I said was vulnerabilities are not being found by Microsoft but by crackers or security groups. The vuln with exploit code is then released into the wild, then MS patches days, weeks, even months after the exploit code is out. Name an open source project that waits even a week to patch a critical hole?

      With open source, the vuln is usually found by the ones developing the project or a group that has forked the code. The patch and new version is released before the exploit code. So, when an exploit comes out, you have a place to go to get a patch.

      These vulnerabilities are STILL not fixed. It's been like 4 or 5 days.

  13. Re:OMG, an OS with security issues... by GigsVT · · Score: 5, Funny

    Human 1.0 is a buggy piece of crap. Apparently there's a hard coded uptime limit of somewhere around 16-48 hours, and rebooting takes up to 12 hours, but usually 8.

    There are hundreds of DDoS attacks, including something as trivial as a potassium injection attack.

    All in all, I can't recommend Human 1.0 for production use yet.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  14. People could still use internet safety education by VanillaDeath · · Score: 2, Insightful

    ...urges users not to download .hlp files from email attachments.

    Yet people will continue opening strange attachments.
    I hardly blame Microsoft for this with people uneducated enough to open a .hlp file attachment, or any random attachment that reaches their inbox.
    Merry Christmas, learn how to use the technology you spend your cash on, etc. Love Wilson.

    --
    - Wilson
  15. Re:OMG, an OS with security issues... by Anonymous Coward · · Score: 3, Funny

    Actually, models of the human 1.0 that received the "Y" chromosome are vulnerable because they will readily accept forbidden fruit packets without verifying the original sender's identity. Transmitting such packets via a model of the Human 1.0 bearing only "X" chromosomes ensures 100% deliverability of any packets. This flaw exists because the "Y" model of the Human 1.0 only uses waist-level firmware when interacting with the "X-only" model.

  16. Give it a Rest, Please! by dingletec · · Score: 5, Funny

    Even with the daily list of vulnerabilities, viruses, BSOD's, lock-ups, Windows Protection Errors, Ooga-Booga dances to keep the machine running, Windows XP is still the best OS out there! Linux may be stable, virus-free, more secure by design, have tons of free software available, frequent updates, and no restrictions on how many times you install it or where, but it is definitely not ready for the desktop. I mean, it may have more features than Windows, easily connect to just about any type of network service, but really, who can say that it's ready for people to use? So what if it takes under 20 minutes to install a full system with more software than I would ever want to use. Five hours of installation, patching, inserting software cds, installing and updating virus protection, installing effective firewall software, finding device drivers, entering license numbers for an equivalent system in Windows is a small thing compared to what you get with Windows, whatever that means... So what if there are Linux desktops that have not needed rebooting in nearly 2 years, and the only work performed on them was to type "apt-get upgrade dist"? That's just too boring and predictable! What fun is there in that? So what if you can install or upgrade all currently installed software over the internet with one command or by selecting it and clicking install? I'm sorry, but Linux is not ready for the primetime, not "Enterprise" ready. I'm not sure what that means, and frankly I'm not sure anyone else who says that does either, but they are absolutely correct! I can vouch for it.

    --
    --dingletec--
    1. Re:Give it a Rest, Please! by FuzzyBad-Mofo · · Score: 2, Funny

      While I know it works great for Debian, I thought I'd try a little experiment upgrading FC2 to FC3 using apt-get. It almost worked..

      In other news, I just finished installing FC3 from scratch. Doh!

  17. Re:OMG, an OS with security issues... by linguae · · Score: 2, Insightful
    Can someone show me the way to an OS with no security issues, please?

    Try MS-DOS. No remote root exploits in over 23 years. No new viruses in a decade. No malware. No worms.

    Of course, you have other options. You have the classic Mac OS, CP/M, Apple DOS, etc.

    My point? Every OS that provides services to the Internet isn't 100% secure. Sure, Linux and *BSD may be more secure than Windows, but Linux and *BSD aren't perfect.

  18. Oh c'mon. by Deal-a-Neil · · Score: 4, Funny

    This is old news. If we're going to have articles about security issues with Windows, we might as well just have a static link to Microsoft.com on Slashdot's front page.

    Here's one of the permanent security bulletins to put on that static link description: Do NOT open any attachments in Outlook, at all. I mean, this is becoming one of the basic rules like, "Don't touch the stove, little Jimmy.. HOT! Very hot."

    Happy Christmas, Harry! Happy Christmas, Ron.

  19. NX != security by generationxyu · · Score: 2, Informative

    SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap, which can be just as bad. Also, if the return address is simply changed to an address on the heap, code in the heap can be executed. The heap has the executable bit, because of dynamic libraries loaded into the heap.

    --
    I mod down pyramid schemes in sigs.
    1. Re:NX != security by hobo2k · · Score: 2, Informative
      Two things: SP2 supports NX only where available. Not many people have hardware that supports it.

      Secondly, dlls are not loaded into "The Heap". In fact, the entire dll is not even executable. The PE header of a dll or exe specifies which segments are executable and which are not.

      www.prcview.com has a program which will show you the layout permissions for a process's memory.

      You are certainly correct that no one thing will solve all security problems. But everything else in your post is plain wrong.

    2. Re:NX != security by btg · · Score: 2, Informative

      Sorry, you have no idea what you are talking about. First of all, NX doesn't really have much to do with stack buffer overflows in particular - you'd normally mark the heap as NX too - you are thinking (and here I give you the benefit of the doubt) of the Stackguard-like protection (stack canary) with which all SP2+ apps are compiled. Anyway, NX is only relevant with processors that support that flag.

      Secondly, SP2 contains a BUNCH of useful technologies which are actually specifically designed to make heap overflow exploitation more difficult. These include PEB randomisation (make PEB overwrites harder), safe unlinking (no more unlinking pointer copies -> arbitrary overwrite -> root) and chunk header cookies (like stack cookies).

      Oh, yeah, and DLLs aren't loaded into the heap. They're loaded at their preferred address and relocated by the loader if required.

      Apart from that, good post. Well done.

    3. Re:NX != security by kasperd · · Score: 2, Informative

      SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap,
      In Linux it is easier to use NX to protect the heap than to use NX to protect the stack. That is because on the heap, every allocation is explicitly marked executable or not executable. On the stack OTOH you don't have any way to know, if a particular page needs to be executable or not. Not all applications need an executable stack, but gcc used to use the stack for trampolines, when you had a pointer to a nested function. Unless you can document, why it should be the other way around in Windows, I don't believe it.

      which can be just as bad.
      It usually takes more work to exploit an overflow in the heap than in the stack, but as soon as working exploit code has been written, they are equally bad.

      Also, if the return address is simply changed to an address on the heap, code in the heap can be executed.
      Only if the heap is executable. You might find a usable function in the executable or a library, but you still need to pass arguments to really exploit it.

      The heap has the executable bit, because of dynamic libraries loaded into the heap.
      This is just plain wrong. The NX bit is about per page protection. Protecting an entire segment was always possible, it is just not usable in most cases.

      --

      Do you care about the security of your wireless mouse?
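
The replies above turn on which memory regions actually carry execute permission. As an added example (not part of the original thread), this Python sketch parses Linux `/proc/<pid>/maps`-format text, reports whether a given address lies in an executable mapping, and flags writable-and-executable regions. The sample text, its addresses and paths, and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in Linux /proc/<pid>/maps format; addresses and paths are made up.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo
00651000-00652000 r--p 00051000 08:02 173521 /usr/bin/demo
00652000-00655000 rw-p 00052000 08:02 173521 /usr/bin/demo
00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
7f2c1a000000-7f2c1a1c0000 r-xp 00000000 08:02 135870 /lib/libdemo.so
7f2c1a3c0000-7f2c1a3c6000 rw-p 001c0000 08:02 135870 /lib/libdemo.so
7f2c1a5d0000-7f2c1a5d1000 rwxp 00000000 00:00 0
7ffd3c1e0000-7ffd3c201000 rw-p 00000000 00:00 0 [stack]
"""

# Fields: start-end perms offset dev inode [pathname]
LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


class Region(NamedTuple):
    start: int
    end: int
    perms: str
    name: str

    @property
    def writable(self) -> bool:
        return self.perms[1] == "w"

    @property
    def executable(self) -> bool:
        return self.perms[2] == "x"


def parse_maps(text: str) -> list:
    """Parse maps text into Region tuples, skipping lines that do not match."""
    regions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            start, end, perms, name = m.groups()
            regions.append(
                Region(int(start, 16), int(end, 16), perms, name.strip() or "[anon]")
            )
    return regions


def address_is_executable(regions, addr: int) -> bool:
    """True if addr lies in a mapping whose pages carry execute permission.

    A redirected return address only runs injected bytes when this is True.
    """
    return any(r.start <= addr < r.end and r.executable for r in regions)


def audit(regions) -> list:
    """Return (name, perms, finding) for mappings that undermine NX."""
    findings = []
    for r in regions:
        if r.writable and r.executable:
            findings.append((r.name, r.perms, "writable and executable"))
        elif r.executable and r.name in ("[heap]", "[stack]"):
            findings.append((r.name, r.perms, "executable data region"))
    return findings


if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    for r in regions:
        print(f"{r.start:012x}-{r.end:012x} {r.perms} {r.name}")
    for name, perms, finding in audit(regions):
        print(f"FLAG {name} {perms}: {finding}")
```

In the sample, the library's code and data appear as separate mappings with different permissions, and only the anonymous `rwxp` mapping is flagged.
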
  20. Windows Security Issues by handy_vandal · · Score: 2, Funny
    USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product.

    Accurate, but not accurate enough for my taste.

    The post should actually read:
    ... a story that outlines three Security Issues (TM) in Microsoft Corporation's popular Windows ...
    -kgj
    --
    -kgj
  21. Battered spouse comparison by Tengoo · · Score: 5, Funny

    You know how on that show Cops, you'll occasionally see some redneck guy being stuffed into a police car? Then, in the background, you can hear his bloodied and bruised other half screaming (usually in a southern accent) 'I love him, don't you take him away!'

    This runs through my mind each time another friend of mine replaces his dead Windows box with another. I believe Windows users like to be hit.

  22. Re:Linux Flaws by upsidedown_duck · · Score: 5, Insightful


    There is no way to compare flaws in Windows and Linux, and every attempt to do so is misguided. The reason is that the politics behind disclosure for Microsoft is entirely different than for Linux, so there is no way to link them statistically.

    From the classic "there is one error for every thousand lines of code in a mature program" logic, a person could estimate how many bugs are present in both code bases and look at the number of published bugs to see who is covering their butts more. I'd guess Microsoft has more to lose from bad PR, so odds are they have internalized most knowledge about bugs.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  23. Open Source Christmas present by DrunkenPenguin · · Score: 2, Informative

    Yeah! Tell me about it. Nice present from Redmond guys. But let me tell you a happy story! Open Source world gave me the nicest Christmas present I could ever imagine! (well.. I had to download some software and compile a few libraries to make it work, but..)

    Linux audio community gave me Yamaha DX-7 synthesizer! This is my dream come true, I can now play some great tunes that made this synthesizer one of the most well known synthesizers. This synthesizer was used on U2's Unforgettable Fire and The Joshua Tree albums. This synthesizer was used by these artists: the Crystal Method, Kraftwerk, Underworld, Orbital, BT, Talking Heads, Brian Eno, Tony Banks, Mike Lindup of Level 42, Jan Hammer, Roger Hodgson, Teddy Riley, Brian Eno, T Lavitz of the Dregs, Sir George Martin, Supertramp, Phil Collins, Stevie Wonder, Daryl Hall, Steve Winwood, Scritti Politti, Babyface, Peter-John Vettese, Depeche Mode, D:Ream, Front 242, U2, A-Ha, Enya, The Cure, Astral Projection, Fluke, Kitaro, Vangelis, Elton John, James Horner, Toto, Donald Fagen, Michael McDonald, Chick Corea, Level 42, Queen, Yes, Michael Boddicker, Julian Lennon, Jean-Michel Jarre, Sneaker Pimps, Greg Phillinganes, Stabbing Westward and Herbie Hancock to name a few.

    Can you imagine that? And all this for FREE! Thanks to you guys who made that software synthesizer for Linux!

    Wanna have it? Here's where to start.

    You see, sometimes the best Christmas presents can be free! Happy Christmas and thank you very much, Open Source world!

  24. Re:Linux Flaws by m50d · · Score: 3, Informative

    hlp files (or rather the engine which handles them) are part of windows. Microsoft has said as much in statements in court under oath. Subversion has never been installed on my (linux) computer, so you can't count it as part of linux. If a program is installed by default on most of the "big seven" distros, or just the majority of linux installs (but how would you ever check?) I suppose you could count it as part of linux, but that's probably rather unfair since those distros are far more functional by default than windows is. Finally, slashdot does tend to post flaws in major OSS. Whenever I've had to do a security upgrade, I've always found the story on /..

    --
    I am trolling
  25. Re:OMG, an OS with security issues... by upsidedown_duck · · Score: 2, Funny


    There are hundreds of DDoS attacks, including something as trivial as a potassium injection attack.

    I prefer the DDoS: hot female co-workers wearing low-cut V-neck sweaters.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  26. Look at the URL... by NFNNMIDATA · · Score: 2, Funny

    I just wanted to point out that somebody at usatoday.com has a sense of humor:

    2004-12-24-we-three-winholes_x.htm

  27. Which day of Christmas is this? by AndroidCat · · Score: 2, Funny
    Four Windows exploits,
    Three Windows exploits,
    ...

    Man, I'm getting tired of that song!

    --
    One line blog. I hear that they're called Twitters now.
  28. The SP2 HLP file flaw cannot be remotely exploited by WhoDaresWins · · Score: 2, Informative

    The one vulnerability that does affect SP2 cannot be remotely exploited. So clicking on a link to a .hlp file on a web page or email does nothing much. You have to explicitly save the file and then execute it. Check it out yourself here -
    http://www.xfocus.net/flashsky/icoExp/ (Do it at your own risk)

    That's so much user interaction that it's a low risk issue. If you can convince the user to do that then you might as well send him an exe file and tell him to save and execute that. How about sending a gun with instructions - "point at foot and press trigger" ... Not everyone knows or has tools to make .HLP files. So yes that one exploit is worrisome but not much. Just block .HLP files on the mail server for the dumb users who will shoot themselves in the foot no matter what. Also it's not like there are tons of sites out there having .HLP files linked in web pages. And even if they are, the user needs to make significant interaction to get exploited. So end result, you are pretty okay on SP2 with sensible users.
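
The mail-server block suggested in the comment above, as an added example that is not part of the original thread: a Python filter that walks a MIME message and lists attachments whose effective extension is `.hlp`, including names with different case, trailing dots or spaces, and names given only in the `Content-Type` header. The function names, the blocklist constant and the sample message (with `example.com` addresses) are constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = frozenset({".hlp"})  # the file type the story warns about


def effective_extension(filename: str) -> str:
    """Return the extension Windows would act on, lower-cased."""
    # Keep only the last path component and drop embedded NUL bytes.
    base = re.split(r"[\\/]", filename.replace("\x00", ""))[-1]
    # Windows ignores trailing dots and spaces, so "guide.hlp. " opens as .hlp.
    base = base.strip().rstrip(". ")
    ext = os.path.splitext(base)[1]
    if not ext and base.startswith("."):
        ext = base  # a bare ".hlp" has no stem; treat it as the extension
    return ext.lower()


def blocked_attachments(raw: bytes, blocked=BLOCKED_EXTENSIONS) -> list:
    """Return the filenames of all parts whose extension is on the blocklist.

    walk() also descends into nested multipart and message/rfc822 parts, and
    get_filename() falls back to the Content-Type "name" parameter when there
    is no Content-Disposition filename.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and effective_extension(name) in blocked:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message: one .HLP attachment and one harmless text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Updated manual"
    msg.set_content("See attached.")
    msg.add_attachment(
        b"constructed placeholder bytes",
        maintype="application",
        subtype="octet-stream",
        filename="Manual.HLP",
    )
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    hits = blocked_attachments(build_sample())
    print("reject" if hits else "accept", hits)
```
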

  29. Re:here's a comment/question to blow ya all away by lachlan76 · · Score: 2, Informative

    It can't affect the OSX system, if that's what you mean, unless you have a setup for sharing files between them and are running as root on OSX. Which you shouldn't be doing anyway.

    As for Windows inside the sandbox, that's as unsecure as Windows on a real PC.