New Microsoft Windows Vulnerability

Users of Microsoft Windows NT, 2000, and XP should patch their systems as soon as possible. A new vulnerability that allows remote code execution has been published and a patch has been issued. The time between the announcement of vulnerabilities and successful worms and viruses that exploit them has been getting shorter. The Blaster worm came out 3 weeks or so after the patch to prevent it and was enormously successful. The Blaster worm was relatively benign and did not carry a destructive payload, but the destructive possibilities for a virus or worm that can execute code on your machine are endless. Windows users can get the patch by running Windows Update or by visiting the link below.

Microsoft's tight-lipped statement can be found here:
 http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp

A more thorough discussion can be found here:
 http://www.securityfocus.com/archive/1/353385/2004-02-07/2004-02-13/1

----------

Microsoft Security Bulletin MS04-007

ASN.1 Vulnerability Could Allow Code Execution (828028)
Issued: February 10, 2004
Version Number: 1.0

Summary
Who should read this document: Customers who are using Microsoft® Windows®

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Systems administrators should apply the update immediately.

----------

Microsoft ASN.1 Library Length Overflow Heap Corruption

Release Date:
February 10, 2004

Date Reported:
July 25, 2003

Severity:
High (Remote Code Execution)

Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)

Software Affected:
Microsoft Internet Explorer
Microsoft Outlook
Microsoft Outlook Express
Third-party applications that use certificates

Services Affected:
Kerberos (UDP/88)
Microsoft IIS using SSL
NTLMv2 authentication (TCP/135, 139, 445)

windows update looks like 10.Feb.2004 16:54

portland tech

Security Update for Windows 2000 (KB828028)
Download size: 309 KB, < 1 minute
A security issue has been identified in Microsoft Windows-based systems that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may need to restart your computer.

or

Security Update for Windows XP (KB828028)
Download size: 311 KB, < 1 minute
A security issue has been identified in Microsoft Windows-based systems that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may need to restart your computer.

Microsoft Ignores Security Warnings 11.Feb.2004 00:16

Random Bits

Security experts begged Microsoft to patch security holes in Windows XP two years before its release. However, Microsoft chooses to deal with the problem after the fact. How? By offering $250K reward for creators of Blaster Worm. But Microsoft only has to look towards Langley, Virginia, or Ft Meade, Maryland, for the most likely suspects.

========================
An Attack "Prone to Filtering" ?
Yes. Fortunately — as we'll see below — the attacking machines were all security-compromised Windows-based PC's. In a fluke of laziness (or good judgement?) that has saved the Internet from untold levels of disaster, Microsoft's engineers never fully implemented the complete "Unix Sockets" specification in any of the previous versions of Windows. (Windows 2000 has it.) As a consequence, Windows machines (compared to Unix machines) are blessedly limited in their ability to generate deliberately invalid Internet packets.


It is impossible for an application running under
any version of Windows 3.x/95/98/ME or NT
to "spoof" its source IP or generate malicious
TCP packets such as SYN or ACK floods.
This statement (above) has generated tremendous confusion because I failed to qualify it by saying "using an unmodified operating system". I am well aware of, and I am a user of, third-party device driver add-ons which allow exactly this. However, as I prove conclusively on the WinXP page — where this issue is discussed at length — operating system modifications are irrelevant.



As a result, Internet security experts know that non-spoofing Internet attacks are almost certainly being generated by Windows-based PC's. Forging the IP address of an attacking machine (spoofing) is such a trivial thing to do under any of the various UNIX-like operating systems, and it is so effective in hiding the attacking machines, that no hacker would pass up the opportunity if it were available.

It is incredibly fortuitous for the Internet that the massive population of Windows-based machines has never enjoyed this complete "Unix Sockets" support which is so prone to abuse. But the very bad news is . . .


This has horribly changed for the worse
with the release of Windows 2000 and
the pending release of Windows XP.
For no good reason whatsoever, Microsoft has equipped Windows 2000 and XP with the ability FOR ANY APPLICATION to generate incredibly malicious Internet traffic, including spoofed source IP's and SYN-flooding full scale Denial of Service (DoS) attacks! (See my WinXP & DoS Page.)

================

for full article see  http://grc.com/dos/grcdos.htm