More Windows Flaws Found

by Alex Woodie
Four new vulnerabilities were discovered in <a target="new" href="http://www.microsoft.com">Microsoft</a> Windows systems over the Christmas holiday, including flaws that could allow hackers to execute code on a victim's computer remotely over the Internet. The reports put the onus on Microsoft, which blasted the firm that revealed three of the problems just before Christmas, to come up with fixes quickly before exploits can cause damage.
The first three vulnerabilities, having to do with the LoadImage API, the winhlp32.exe program, and Windows kernel .ani file parsing, were discovered by a team of Chinese security researchers, <a target="new" href="http://www.xfocus.org">XFocus</a> and Venustech. The fourth vulnerability, an HTML help control exploit for which Trojan horse viruses have already been written, was discovered by a security researcher at <a target="new" href="http://greyhats.cjb.net">Greyhats Security</a>.
The LoadImage API integer buffer overflow vulnerability could enable an attacker to run arbitrary code on victims' computers if they open an HTML page or e-mail containing a specially crafted icon, cursor, or bitmap file. It affects Windows NT, Windows 2000, Windows XP, and Windows Server 2003, according to Venustech.
The winhlp32.exe heap overflow vulnerability exists as a result of decoding errors that manifest themselves in the parsing of a malicious help file, according to <a target="new" href="http://www.symantec.com">Symantec</a>. Malicious help files encountered either through e-mail or malicious Web pages can be used to exploit this vulnerability. This vulnerability also affects Windows NT, Windows 2000, Windows XP, and Windows Server 2003.
Just being on Windows XP Service Pack 2 (SP2) doesn't guarantee protection this time around. The virus
written to exploit the HTML help control vulnerability, dubbed Trojan.Phel-A by Symantec, targets
Windows XP SP2 systems, as do two of the three vulnerabilities described by XFocus and Venustech.
The one vulnerability to which Windows XP SP2 is immune, the so-called Windows Kernel ANI File Parsing Crash and DoS Vulnerability, actually covers two vulnerabilities having to do with problems in the way that Windows parses Windows Animated Cursor (ANI) files. It can be used to cause a system to freeze or crash, and affects Windows NT, Windows 2000, Windows XP, and Windows Server 2003.
In addition to allowing attackers to take control of a victim's computer or initiate a denial-of-service attack, some of the vulnerabilities can be used as an avenue to load spyware onto a victim's computer. This is an area where Microsoft is looking to take the lead. By the end of January, Microsoft expects to launch a beta version of its new anti-spyware product, which is based on technology obtained in its acquisition of <a target="new" href="http://www.giantcompany.com">Giant Company</a> in December.
Microsoft lashed out at XFocus for its handling of the new vulnerabilities. The Redmond, Washington, software giant reportedly claimed that the researchers did not notify the company of the security problems privately before the security researchers posted them on the <a target="new" href="http://www.securityfocus.com">SecurityFocus</a> public BugTraq mailing list.
The Greyhats Security researcher, who goes by the name of Paul, said he decided to post exploit code for the Windows help vulnerability because it has been known about for a while, and because Microsoft hadn't yet done anything about it. "Contrary to popular opinion, I do disclose my vulnerabilities to Microsoft before release. They do not respond to any of my e-mails, so I assumed they either 1) didn't care, or 2) were taking considerable action to patch these vulnerabilities," Paul wrote on his Web site. "The Microsoft statement that I do not disclose the vulnerabilities to them is untrue and is probably just an attempt by Microsoft to make me look bad because of their own incompetence."
Microsoft's next "Big Tuesday," the day it releases its monthly batch of security fixes and patches, is
January 11. Microsoft holds a Big Tuesday on the second Tuesday of every month. In December, Microsoft
started a new practice of providing a preview of the content of Big Tuesday on the Friday before the
patches and their associated Microsoft Security Bulletins are to be released. Microsoft is reportedly looking
into the newly disclosed vulnerabilities.
Microsoft has come under fire for the rigidity of its monthly patch cycle. Although the vendor says it considers breaking out of its cycle to address certain critical security flaws, it rarely does so in practice. And while the Big Tuesday events may help train users on the importance of keeping their systems up to date, they also give hackers and virus writers an advantage, since they can plan their activities around the security upgrade cycle.