Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Exploits Circulating for Latest Windows Holes

Posted by CmdrTaco on Fri Aug 12, 2005 10:18 AM
from the netcraft-confirms-that-trolls-are-uncreative dept.
Security Operating Systems Software Windows
1sockchuck writes "Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft's updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Exploits Circulating for Latest Windows Holes 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Microsoft Induced? (Score:5, Funny)

    by Deltaspectre (796409) on Friday August 12 2005, @10:20AM (#13304120)
    Perhaps this vulnerability was a 'Feature' to get people to migrate away from Windows 2000?

  • Only two or four... (Score:5, Funny)

    by creimer (824291) on Friday August 12 2005, @10:23AM (#13304154) Homepage
    At least, Microsoft is maintaining great quality control.
  • I mean W2K has been around for about... uh, 5 years?

    So isn't this just an old exploit that was just found?

    See? Having 900,000,000,000 lines of code is a good thing.

    • Re:Is it really New? (Score:5, Interesting)

      by 99BottlesOfBeerInMyF (813746) on Friday August 12 2005, @10:43AM (#13304321)

      So isn't this just an old exploit that was just found?

      No. This is an old vulnerability that was just published, and had new exploits written and published for it. That is not to say other exploits have not existed for this vulnerability for the last five years.

      • This is an old vulnerability that was just published, and had new exploits written and published for it.

        Just to amplify what you've said:

        This is an old vulnerability that was just published

        publically, and had new exploits written and published for it.

        It's possible, and has a certain chance of being likely that this exploit has been published in non-public fora for the past five years.

        As we learned a couple stories back, Microsoft is catching exploits of unpublished vulnerabilities in their honeypots. I'm

    • I mean W2K has been around for about... uh, 5 years? So isn't this just an old exploit that was just found?

      This just goes to prove that hackers are getting as lazy. I mean it took them 5 years to find this hidden feature. Or maybe MS programmers have more forsight than we give them credit for.

  • Registration form privacy information at eEye (Score:5, Insightful)

    by mikeophile (647318) on Friday August 12 2005, @10:25AM (#13304170)
    Our website's registration forms require users to provide contact information (names and email addresses) and financial information (account or credit card numbers). Financial information that is collected is used to bill the user for products and services purchased and is only used internally by eEye. Contact information is used to confirm and ship orders, to contact the user when necessary, and to notify users when new products and services are available. Users may choose not to receive future mailings from eEye; see the Choice/Opt-Out section below. eEye Digital Security may occasionally share visitor contact information with official product resellers that adhere to a comparable privacy policy; visitor contact information is NEVER given to other third-party vendors that are not affiliated with eEye.

    Why do they insist on my personal information if they aren't going to use it?

    They have the ability to let me opt out of of mailing, why don't they provide an opt out for my information in the first place?

  • It is interesting that... (Score:5, Insightful)

    by donleyp (745680) * on Friday August 12 2005, @10:26AM (#13304177) Homepage
    The exploits came out after the announcement and not before. It begs the question, do we need to give M$ credit for pushing the patch before the exploit became common knowledge? Compare this to Cisco who tried to squash recent publicizing of their vulnerability.
    • Cisco had also patched their vulnerability before the publicity. The whole point of the BlackHat presentation was to encourage admins to use the patch, and to shame Cisco for underplaying how serious the issue is.
    • I haven't the faintest clue why your comment is insightful.

      Let me give you some examples of exploits (ie worms) that came out after patches: Blaster, Sasser, Nimda (MS patched this 330 days before the worm actually hit). Code Red is the only one that immediately comes to mind as a worm that hit before the patch, and even in that case, MS didn't know ahead of time that IIS was exploitable. It was 0-day.

      In the case of the Plug & Play exploit, it became common knowledge *because* of the patch, which was re
      • It raises the question. Begging the question means something completely different.

        Not any more, Poindexter. The definition has changed. Languages have a tendency to do that, just as pedants have a tendency to want to see their language cast in stone.
        • The problem is that now it means both things, and every time you encounter it you have to reason out which meaning is being used. So it's currently better to not use the expression at all, and substitute "raises the question" for one meaning and "circular logic" for the other.

          Evolution of language isn't a problem, but useless entropy like forgetting the meaning of an expression makes clear and effective writing more difficult. There are those of us who like to read clear and effective writing, so we wish
  • But I'm reminded of a childhood verse...
    "The worms crawl in, the worms crawl out
    The worms play pinochle on your snout..."
    • Lovely little nursery rhyme, that
      Did you ever think, as a hearse goes by,
      That you might be the next to die?
      They wrap you up in a big white sheet,
      And bury you down about six feet deep

      They put you in a big black box,
      And cover you up with dirt and rocks,
      And all goes well, for about a week,
      And then the coffin begins to leak!

      The worms crawl in, the worms crawl out,
      The worms play pinochle on your snout.
      They eat your eyes, they eat your nose,
      They eat the jelly between your toes.

      A great big worm with rolling eyes,
      C

  • Free, but not without pain (Score:3, Insightful)

    by bitslinger_42 (598584) on Friday August 12 2005, @10:27AM (#13304185)

    Is anyone but me getting sick of these companies releasing "free" tools that require you to register for their incessant spam, phone calls, and other marketing harassment in order to download? Yes, I understand that they spent money to develop the tool, but what if I want to scan my home network? MySQL isn't too bad, at least. They have the marketing signup, should you be interested, but provide a link to download without all the crap.

    [Wanders off muttering about the good old days of gopher and archie]

  • The recent article on the front page here (2 down at the moment), talks about vulnerabilities linked to MS05-038 being in the wild in mid July (actually quite a bit earlier, but we will give them the benefit of the doubt). There have been a number of minor exploits in existence for at least a month and a half with respect to some image handling capabilities through IE (also MS05-038).

    Security-Protocols claimed to have discovered the vulnerability linked to MS05-041, and there were some minor claims that other people had been able to make it into exploits which weren't widespread.

    I initially thought that the Plug and Play vulnerability was linked to a report on an overflow with respect to handling USB devices (which has also been reported), but it seems to be much worse.

    I am fully aware of the reasons why companies EOL their software, but Microsoft's cessation of mainstream support for Win 2000 might be coming back to bite them, given that Win 2000 is just as vulnerable to these exploits as Win XP and 2003, if not more so.

  • ...Microsoft patched the holes BEFORE the exploits started circulating?

    If that's the case, what's the problem?
    • The millions of users who don't patch are the problem. Sometimes these exploits turn their computers into zombies that send spam or spread viruses, making them other peoples' problems as well.
    • Not everyone auto-updates and reboots right when the patch comes out. Some people might even ignore the Windows Update icon for weeks at a time, or tell it to stop bothering them.

    • Re:Unless I'm mis-reading this... (Score:5, Insightful)

      by Espectr0 (577637) on Friday August 12 2005, @11:01AM (#13304444) Journal
      Simple. It is known that exploits are made after MS releases the patch, by reverse engineering them. Since 90% of the people is stupid and don't patch their systems (i made this up) then these people get hit.

      My rant is not against MS. It's against people (supposedly people with knowledge) don't take the time to update their systems. SP2 actually improved this by trying to push the updates in the user's throats.
      • My rant is not against MS. It's against people (supposedly people with knowledge) don't take the time to update their systems.

        Until recently, they haven't really had to. They should have, but the zombie nets are relatively recent developments.

        I wonder how many people burned out their Model T engines because they didn't understand they had to change the oil.
      • The problem is that most people don't patch their systems.

        These days, people run expensive (in both monetarily and computationally senses) "virus" scanners instead of updating their systems. Ideally, if you have an up-to-date system, there are no holes for worms to exploit, so you don't need worm protection. Right?

  • Scanner? (Score:5, Funny)

    by Fear the Clam (230933) on Friday August 12 2005, @10:41AM (#13304312)
    "...eEye security, which has released a free scanner to help network admins identify vulnerable computers.

    What, the Windows startup screen wasn't sufficient to identify vulnerable computers?

  • In other news... (Score:2, Insightful)

    by Anonymous Coward
    Hundreds of vulnerabilities discovered in Linux since the release of a distro:

    http://www.mandriva.com/security/advisories?dis=10 .1 [mandriva.com]

    But of course, that's not newsworthy because it doesn't involve hating Microsoft. This ain't a troll; it's an attempt to show that BOTH systems have pretty lame security track records, yet all we hear about is Windows.

    Look at that list above. Given 300 million clueless users running that Mandrake instead of Windows, don't you think there'd be exploits for that plenthora of holes

    • Hundreds of vulnerabilities discovered in Linux since the release of a distro:

      Of course, Windows doesn't come with the hundreds (thousands?) of applications that Mandriva does, and so it's a bit unfair to compare the Mandriva security advisory list (which includes fixes for MySQL, Apache, Perl, Mozilla, Vi, etc etc) to the Windows list.

    • First of all, Linux distros support every package on the system, not just the core files like MS update. That means perl, MySQL, apache, even the modules for apache. Everything. With that in mind, compare the Secunia security reports for Mandrake 10.0 [secunia.com] and Windows XP Pro 10.0 [secunia.com], which hit the market at about the same time. Have a look at the amount of unpatched vulnerabilities in both and see if you can still come to the same conclusions. Sheesh!

  • nessus plugins available (Score:3, Informative)

    by sgt scrub (869860) <saintium@yaho o . c om> on Friday August 12 2005, @11:05AM (#13304475) Homepage
    If you need to test the machines on your network Nessus http://nessus.org/ [nessus.org] has released plugins.

  • Exploiting the Exploit (Score:2, Interesting)

    by Anonymous Coward
    The company distributing this requires you provide personal information just to pick up a small scanner which is entirely unnecessary. The purpose it seems behind distributing these little tools is to collect this information for sale and for use in sales.

    I would recommend that users stop using slashdot.org as a way to distribute pointless software in an attempt to collect free user data.

  • steps ahead (Score:4, Funny)

    by fihzy (214410) on Friday August 12 2005, @11:30AM (#13304745)

    Once again: (original at http://slashdot.org/comments.pl?sid=71367&cid=6457 101 [slashdot.org])

    10) find big remote vulnerability in product
    20) perfect the exploit
    30) have fun with it for months
    40) find another big hole in same product
    50) perfect exploit for hole
    60) alert vendor about original hole
    70) have fun with new hole
    80) goto 40

  • Let's Hear Ira Winkler Now (Score:3, Interesting)

    by Master of Transhuman (597628) on Friday August 12 2005, @12:12PM (#13305143) Homepage

    He's been writing that Mike Lynn did the industry a disservice by revealing the buffer overflow class of Cisco vulnerabilities.

    His logic is that as soon as you reveal a vulnerability, you accelerate the exploits, and therefore vulnerabilities should not be revealed. (In other words, the classic "security through obscurity argument.")

    He seems to think it makes more work for him and other security people.

    I pointed out to him that if we follow his logic, no vulnerability and no patch would ever be released. Here we have exploits following a patch. Does he now think Microsoft should not have released the advisory and patch because it "accelerated" the development of an exploit which will affect unpatched systems?

    This is exactly his logic with Mike Lynn's actions. He claims revealing the buffer flaws, even though Cisco has patched the two actual flaws found, will cause an exploit to appear that will affect unpatched systems and cause him "more work."

    I pointed out to him that he should thus blame Microsoft for patching the SQL Server flaws even though most admins didn't patch their servers in time for the worms that took advantage of them.

    I also pointed out to him that if he thinks security is easy and he can't handle the "extra work" exploits cause, get out of the business.

    His real motivation, of course, which I also pointed out to him, was simply sour grapes that he didn't get the press for revealing the flaws. The security business is very competitive, and every time a researcher announces something, everybody else denounces him as wrong, premature, or not following proper "protocol." All this just to keep THEIR names - and by extension, the same vulnerabilities they're complaining about - in the trade press. It's hypocritical.
    • Microsoft with all its massive billions of dollars, charging in excess of $300 for a full, licesned version of Windows XP Proffessional... Cannot afford to write clean, bug free code?

      As a programer myself I am often faced with the idea of completely re-writing my code, not just leaving the function sit, while being unused.

      Compare to Apple's OS X (granted, the numbers argument about there is not a mass majority to spread a major virus even if it was to be discovered), why cant Microsoft decide to take shape,

      • Re:Not to worry... (Score:4, Interesting)

        by whoever57 (658626) on Friday August 12 2005, @11:09AM (#13304509) Journal
        I think that you have to assume there will be bugs in the code. I am sure Apple has bugs. The real question, is: why are there so many listening ports on a Windows NT/2K/XP machine? Even one that has no files shared for users. What does it need them for? MS recommends running a firewall, which rather defeats the purpose of any listening ports, including such things as the administrative shares. In this case, we have some code that is supposed to detect new hardware apparently listening on the Ethernet port. Why? New hardware is going to fly down the network? Wow! MS should patent that now since it would put UPS and Fedex out of business. So, I don't think it is so much a bug as "what in $DEITY's name were they thinking when they designed this feature?"
      • I wish there was a direct correlation between "Making more money" and "Quality Products." Let's face it: Microsoft is the McDonalds of the Operating System world. They aren't interested in giving you the best thing on earth, they are interested in supplying you with barest essential needs to sustain you, in order to maximize their profit without sacrificing their customer demand and quarterly profits.

        Don't misunderstand me, I'm not trying to bash Microsoft. Overall I beleive their product fills the need o

    • It's exactly this kind of argument that people need to make to their bosses when talking about using open source software. Your company should decide when the life of a piece of software is over, and they can make this decision on factors like "Do I want to patch this or install a new version?" And because some vulernable software like IIS is built right in, you can't just upgrade that one piece if the vendor decides they'll no longer fix it for your platform.

      Microsoft's biggest problem really is all th

    • On one hand, things like this are very serious, and at least they are fixing the issue. The problem is that while many business continue to use Win2K, Microsoft in my opinion, has shifted its focus to WinXP or 2003, Yet critical fixes are still needed for 2K. Personally, the software curse is in effect here, once you produce something, you have to support it forever. Microsoft has a nice history of dumping products, or "ending support" as they call it.

      I believe MS is discontinuing patch support for Win2k

      • the enterprise versions are supported for 3 years. fedora is just a testbed, most of the folks that use it (including me) realize this.

        if you want long term support, buy something that has it.
    • I still have people using 75Mhz machines with windows 95, and most of my users are running 2000. We don't need to or have the budget to upgrade everyone to a new box with XP on it just so they can use word/excel, and email each other porn.
    • How exactly is Windows 2000 "out of date" by any standard except the date it was released? Windows XP is horrid compared to Windows 2000. Very few people I know have "upgraded" to Windows XP from Windows 2000. It's easier and cheaper to open the case and remove a stick of ram. Install a Yoshi's Island skin, and you have instant 2000->XP upgrade. Mentalities such as yours are why you need a 3 Ghz P4 and 512 MB of RAM just to open Microsoft Word in less than 30 seconds.
    • They do have every right, legally speaking. It's not a feature of Slashdot or internet culture, it's a feature of the American style of government. Ethically speaking, most security researchers disclose responsibly anyway - they give the company a month or so to fix the problem before telling the world. I, and probably most slashdotters, would agree that telling world+wife before the company producing the software has had a fair bash at the problem is a little off, if only because a lot of us know what it's

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.