Slashdot Mirror


Exploit Released for Unpatched Windows Flaw

woodchuck writes "Washington Post reports that another Windows hole has been found and exploit code is now running loose that makes swiss cheese of current patches and security measures. From the article: "Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied. Anti-virus company Symantec warned of the new exploit, which it said uses a vulnerability in the way Windows computers process certain image files (Windows Meta Files, or those ending in .wmf). Symantec said the exploit is designed to download and run a program from the Web that downloads several malicious files, including tools that attackers could use to control vulnerable computers via IRC.""

6 of 386 comments

  1. Re:They call hackers researchers now? by GaryPatterson · Score: 5, Insightful

    You're fighting a lost battle there. The common understanding of the word 'hacker' now implies criminal behaviour.

    The whole 'white hat' and 'black hat' thing never made it to the media, so all hackers are 'black hats' now.

  2. Re:They call hackers researchers now? by Anonymous Coward · Score: 3, Insightful

    They can be called "hackers" all right. While I know that you and a handful of other language fascists would like to change how the rest of the world uses their language, it's a fact that "hacker" now means (in addition to the definition you want it to have -- there's nothing wrong about a word having several meanings which become apparent upon reflecting on the context in which they are used) what you mean by "cracker". What they can't be called is "researchers". Publishing a vulnerability can be considered research, POC code is highly doubtful in most cases, and a full-fledged app starting shit up connecting to an IRC server is just plain maliciousness. Thus, hacker or cracker -- take your pick. But researchers they ain't.

    Submitter, stop helping these people feel legitimate. The parent poster and I agree on one thing: they're just assholes.

  3. Genius Idiots. by mumblestheclown · Score: 4, Insightful

    The people who took advantage of this loophole did so with a clear economic motive. This is because the loophole is used basically to a) install SpySheriff, a bogus anti-spyware program, and try to get the user to pay for it with a credit card b) install SurfSideKick and other idiot spyware programs c) install a spam sender, in order to make a few more billionths of a cent.

    In other words, whatever asshat took advantage of this loophole did so because he thought he could make a buck. If his goal was simply to bring Windows to its knees, cause havoc, or make a political/economic statement of some sort, he would have chosen something else. Wiping out My Documents of all the infected machines, for example.

    Whoever did this is obviously deluded. While some money will of course ultimately flow from this nonsense to the "see no evil" people who are the beneficiaries of spamvertisements, spyvertisements and so forth, the actual exploiter basically has little to no chance of getting it (even if he is in Russia, as I'd suspect is a good bet) as his affiliate commission links will be tracked, as will wherever the hell that credit card box for SpySheriff was pointing to and so forth.

    So we have somebody smart enough (and make no mistake, it takes some smarts) to either discover or be in a small clique of people discovering a quite obscure loophole (it must be obscure, given just how old the affected .dll is), but who has ABSOLUTELY NO FUCKING CLUE how to go about exploiting it other than in the most juvenile and unlikely-to-succeed way imaginable. Furthermore, even though it is likely to fail, the guy has shown himself to basically be a psychopath, with little to no concern about the hundreds of thousands of hours (read: PEOPLE-LIFE-EQUIVALENTS) that will be spent agonizing over and fixing this.

    Whoever that person is, they are human filth. But, there's a lot of human filth out there. The sad thing is that this person obviously has potential to do so much more but simply pisses it away instead. Pathetic.

  4. Re:How/Why does this keep happening by HermanAB · Score: 4, Insightful

    It is a carefully crafted buffer overflow in the stack causing a return address to be overwritten. A subroutine return instruction then jumps to the exploit code, instead of the parent routine. This is an old trick to implement dynamic jump tables, exploited for malicious purposes.

    --
    Oh well, what the hell...
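
The overwrite HermanAB describes comes from copying a file-supplied length of data into a fixed stack buffer without checking it. The following is an added example, not code from the thread and not the real WMF parser: a constructed toy record format (2-byte little-endian length, then payload) parsed first with the unchecked copy and then with the bounds check that rejects the record before anything is written.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define REC_BUF 64  /* fixed-size stack buffer each record is copied into */

static uint32_t sum_bytes(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return s;
}

/* Unsafe version: trusts the length field from the file. A len larger than
 * REC_BUF makes memcpy run past buf and over the saved return address on the
 * stack, which is the mechanism the comment describes. Kept for contrast and
 * only ever fed a well-formed record here. */
static int parse_record_unsafe(const uint8_t *data, size_t size, uint32_t *checksum)
{
    uint8_t buf[REC_BUF];
    if (size < 2) return -1;
    uint16_t len = (uint16_t)(data[0] | (data[1] << 8));
    memcpy(buf, data + 2, len);                 /* len is never checked */
    *checksum = sum_bytes(buf, len);
    return len;
}

/* Hardened version: the declared length must fit both the stack buffer and
 * the bytes actually present, otherwise the record is rejected before copying. */
static int parse_record_safe(const uint8_t *data, size_t size, uint32_t *checksum)
{
    uint8_t buf[REC_BUF];
    if (size < 2) return -1;
    uint16_t len = (uint16_t)(data[0] | (data[1] << 8));
    if (len > REC_BUF || (size_t)len > size - 2) return -2;  /* oversized or truncated */
    memcpy(buf, data + 2, len);
    *checksum = sum_bytes(buf, len);
    return len;
}

/* Constructed sample records: returns the checksum on success, negative code on rejection. */
static int run(int (*parse)(const uint8_t *, size_t, uint32_t *), const uint8_t *r, size_t n)
{
    uint32_t c = 0;
    int rc = parse(r, n, &c);
    return rc < 0 ? rc : (int)c;
}
static int demo_valid_unsafe(void) { const uint8_t r[] = {4, 0, 1, 2, 3, 4}; return run(parse_record_unsafe, r, sizeof r); }
static int demo_valid_safe(void)   { const uint8_t r[] = {4, 0, 1, 2, 3, 4}; return run(parse_record_safe, r, sizeof r); }
static int demo_oversized(void)    { uint8_t r[202] = {200, 0}; return run(parse_record_safe, r, sizeof r); } /* declares 200 > REC_BUF */
static int demo_truncated(void)    { const uint8_t r[] = {10, 0, 9, 9, 9}; return run(parse_record_safe, r, sizeof r); } /* declares 10, has 3 */

int main(void)
{
    printf("valid(unsafe)=%d valid(safe)=%d oversized=%d truncated=%d\n",
           demo_valid_unsafe(), demo_valid_safe(), demo_oversized(), demo_truncated());
    return 0;
}
```
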
  5. Re:Just checking... by Lehk228 · Score: 4, Insightful

    no, 5 years to stop the flood of wormable remote exploits isn't "pretty tight"

    --
    Snowden and Manning are heroes.
  6. Re:They call hackers researchers now? by Scarblac · Score: 3, Insightful

    > You're fighting a lost battle there. The common understanding of the word 'hacker' now implies criminal behaviour.
    >
    > The whole 'white hat' and 'black hat' thing never made it to the media, so all hackers are 'black hats' now.

    He's not even fighting that battle, he's fighting the one before that. What he calls a "hacker" is not what you call a "white hat hacker". A hacker is an exceptionally gifted programmer, the term has nothing to do with security. People trying to break into computers are crackers, regardless of their intentions. So-called "white hats" are crackers.

    That said, yeah, that battle is rather lost...

    --
    I believe posters are recognized by their sig. So I made one.