WASHINGTON -- Microsoft Corp. on Wednesday warned about a serious flaw in almost every version of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites.
Microsoft assessed the problem's urgency as critical, its highest level, and urged customers to download a free repairing patch immediately from its Web site, www.microsoft.com/security.
The company said it was unaware of any reports that hackers already had used the technique to break into computers, but the time between disclosure of a new flaw and such break-ins has become increasingly short.
Russ Cooper, a security expert for TruSecure Corp., based in Herndon, Va., predicted that antivirus software will be updated to protect users who might receive infected e-mails and that Web sites with infected pages would be shut down quickly once they are detected.
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message. It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.
There was some good news. Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
Older versions of Outlook would also be safe if customers had manually applied another security patch, which Microsoft released in 2000 after the spread of the damaging "ILOVEYOU" virus.
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.
Microsoft said customers using the newest versions of its e-mail software, Outlook Express 6 and Outlook 2002, were protected from hackers trying to exploit the problem using e-mails.
They should have added the following, "or if you are using just about any other mail reader besides ours."
I love how MS attempts to twist the story here and appears to make it look like you should only be using the most recent versions of THEIR software to be safe. They completely fail to mention that the only reason any of t
You have to this week, because of Linux. After Microsoft's weekly publicity blitz on Monday with the IIS bug, Linux fired back with a local root exploit, thus stealing the limelight. Microsoft, which is feeling very threatened by Linux these days, could not let that stand.
The big question is whether or not The Penguin will escalate with another salvo tomorrow. If so, you will have a busy Windows-patching session before the week ends.
I have both ms and linux servers, and it has been patch city all week. At least I know why. You know what they say, bad press is better than no press...
I know this was off topic for the article, but since you are *grub* I will ask you a quick question. Here goes:
RH 8.0. Created grub password. Have not been prompted yet for it at any time. Downloaded 2.4.xx Athlon kernel. Will not upgrade. Failed three times. Would grub password have anything to do with this?
Ahh yes, the grub password problem.. Well, here is what I would strongly recommend:
Format your hard drive
Install OpenBSD [openbsd.org] and their bootloader.
"The Lockergnome one" isn't specific enough. You're looking at only one of the Lockergnome MS vulnerability stories from that day. There are 3 stories about the IIS/WebDAV vuln and only 1 about the IE vuln ("Microsoft Warns Windows Users About Flaw"). Sad that there are 2 vulnerabilities reported on in one day, but...
No, it's not a Java exploit. It's a Windows Scripting exploit, meaning that even if you have Java turned off, but have Active Scripting (JScript/VBScript) enabled, you're still vulnerable. Of all things, it's a buffer overflow... in a SCRIPTING language.
It is Monday...time to patch my Windows Boxes...
It is Tuesday...time to patch my Linux boxes...
It is hump day...time to patch my Windows Boxes again...
Crap...what is Thursday gonna bring! And what is this gonna do to my loverly uptime!
It is hump day...time to patch my Windows Boxes again... Crap...what is Thursday gonna bring!
Thursday, time to patch the SunRPC holes in Solaris. I WAS about to implement a central NFS server for our workstations, but Sun has so many problems with their RPC implementation resulting in root exploits I think I'll have to look for something else.
I thought Thursday was the day we discovered all the crap that broke because of the patches...
Hell no, YOU are the one that installed the patch that broke the servers, fix that on your OWN time, over the weekend or at night. That will teach you.
Considering how much this particular flaw was exploited, I don't think that a lot of servers will remain unpatched, but, anyway, I am still receiving so many hits from CodeRed and Nimda that I will not be surprised if such a worm has big success.
From the Microsoft security bulletin
---------------
How to Check Which Version You Have
If you are unsure whether a product you are running is affected by this issue, check the version.
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
-------------
If it says "Microsoft " and something else, you are vulnerable.
To determine which version of Microsoft Windows you are running:
1. On the taskbar at the bottom of your screen, click Start, and then click Run.
2. In the Run dialog box, type: winver
3. Click OK.
A dialog box displays the version that you are running.
Hmm. I guess I am running Windows version "A fatal exception 0E has occurred at 0028:C004CDCF in VXD VNTFS(01)+ 0000B897. The current application will be terminated."
This affects all users who view HTML webpages with Internet Explorer or view HTML email on their windows box with an old version of Outlook or Outlook Express. If you are using another browser or email program you are still vulnerable if scripting is enabled. This is a problem with processing JScript. This is a problem for most M$ boxes. If using one please upgrade to another OS or update using windows update.
The webmail sites usually do some javascript filtering, but there have been bypasses for those filters in the past, and probably will be in the future. If you're using IE to read mail on those sites, there's always a chance this bug might bite you.
Yet another buffer overflow. In Windows. Yet another opportunity to send email viruses in Outlook. Yet another opportunity for Linux geeks to make fun of "M$."
While this is important news for Windows users, I expect MS has already told them. Move along, nothing to see here.
Celebration times come on! With slashdot now reporting speculations on future events, we can drop shit on Microsoft even before bad things have happened!
Believe it or not, Microsoft has had more than one security flaw in its operating systems (just like Linux!!). This isn't the same bug as the one mentioned yesterday. Duh!
Had you read the article, or indeed, any of the previous comments, you'd have realised that you're as dumb as someone who wants to bomb Iraq for Oil.
#1 is the WebDAV vulnerability, affecting IIS 5 on Win2k. This is the one used to corrupt the military web server in question, and is a very worm friendly (arbitrary remote execution) vulnerability. This is the most likely target of a worm, as it can be purely automatic (a'la slammer and Code Red), and gives full system access.
#2 is a script engine vulnerability, allowing an email message or web page to execute arbitrary code. Although good for mail worms, this is less autonomous-worm friendly: it's a good secondary way to cross a firewall, but users need to read the email to spread, making a slower worm, something in the ballpark of an auto-executing Klez: a pain but nothing catastrophic. It also runs as the user, not as system, making it a (somewhat) less valuable exploit when targeting Win2k/XP.
Both are serious vulnerabilities which require patching, however.
No, you are not crazy. These articles are all referring to the other MS issue this week: IIS's WebDAV remote buffer overflow attack.
There is, however, a new issue today. Use Windows Update. This new issue would allow operators of a malicious website to remote root your machine if you navigate to them. This applies to all (!) versions of Windows since Win98.
The worm-friendly bug is the old bug. So, technically speaking, this post is 100% dupe. It just happened to (luckily?) coincide with another MS security issue.
This one is more worm friendly than the other. You know, Klez, Sircam, etc, ARE worms, and some of the most successful email worms are so because of IE vulnerabilities (like the iframe bug). So this, that can be activated by an HTML mail, is the perfect opportunity for a big mail worm, and maybe easier to do than an obscure buffer overflow.
This new issue would allow operators of a malicious website to remote root your machine if you navigate to them.
According to Microsoft's advisory this exploit is only able to run with user privileges. Although on Win9x this is always "root" it really shouldn't be the case on 2000 and XP. Because you really don't use your Administrator-account to browse the web, do you?
You & I don't, but most people will. By default, WinXP gives the user admin rights. Not always, and I haven't looked into it enough to know why, but most of the time.
So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.
I was hooked.
"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...
The problem involves tricking Windows into processing unsafe code built into a Web page or e-mail message...
Microsoft said customers could manually adjust settings hidden deep within its Internet Explorer browsing software to prevent Windows from processing the dangerous code. Experts, however, said that was not easy to do for many users and that it would cripple convenient functions for many popular Web sites.
IOW, it's Yet Another Java 'Sploit; turn off ActiveX and Javascript [or just not use IE] and yo
If any of this does any good (outside of warning Windows admins). People who have used computers for twenty years still have no idea how these exploits and bugs work. They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners) but don't think twice about double-clicking an email from "1337user@aol.com".
I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).
But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user competence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.
This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story [gcn.com] quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story [nwsource.com] quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Probably because they are about two different vulns. Since the webdav hole is known to have an exploit already being used in the wild, it's pretty safe for Russ to say that it will be used. :)
He's probably also not too far off with the jscript integer overflow either. It's usually difficult to write an exploit that will work for all the different OS and jscript.dll versions, without simply crashing on a mismatched version. That makes an effective worm a lot less likely.
by Anonymous Coward writes:
on Wednesday March 19, 2003 @09:01PM (#5549054)
Technical details
Technical description:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
Frequently asked questions:
What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.
What is a scripting language?
Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.
In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.
What is a scripting engine?
The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.
What is JScript?
JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).
It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.
What's wrong with the Windows Script Engine for JScript?
There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.
If I am not using Internet Explorer do I need the patch?
Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab
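The bulletin quoted above says the engine "does not correctly size a buffer during a memory operation", and an earlier comment calls the flaw an integer overflow. The following is an added illustration of that bug class with its fix, not code from Microsoft or from the bulletin; `slot_t`, `slot_array`, `MAX_SLOTS` and the function names are hypothetical and do not reflect JScript.dll's real layout.

```c
/* Added illustration: a script-controlled element count feeding a heap
 * allocation, before and after the size check. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { uint32_t type; uint32_t payload; } slot_t;   /* 8 bytes */

typedef struct {
    uint32_t count;   /* slots the script asked for */
    slot_t  *slots;   /* heap buffer that backs them */
} slot_array;

#define MAX_SLOTS (1u << 20)   /* constructed policy cap for this example */

/* BEFORE: the byte count is computed in 32 bits and wraps silently.
 * A caller would malloc() this many bytes yet still believe it owns
 * `count` slots, so later writes run past the end of the heap block. */
uint32_t unchecked_bytes(uint32_t count)
{
    return count * (uint32_t)sizeof(slot_t);
}

/* AFTER: refuse any count whose byte size cannot be represented.
 * Returns 0 and stores the size on success, -1 on rejection. */
int checked_bytes(uint32_t count, size_t *out)
{
    if (count == 0 || count > MAX_SLOTS)
        return -1;
    if (count > SIZE_MAX / sizeof(slot_t))   /* overflow guard, kept even with the cap */
        return -1;
    *out = (size_t)count * sizeof(slot_t);
    return 0;
}

/* Allocation goes through the checked size only. */
slot_array *slot_array_new(uint32_t count)
{
    size_t bytes;
    slot_array *a;

    if (checked_bytes(count, &bytes) != 0)
        return NULL;
    a = malloc(sizeof *a);
    if (a == NULL)
        return NULL;
    a->slots = calloc(1, bytes);
    if (a->slots == NULL) {
        free(a);
        return NULL;
    }
    a->count = count;
    return a;
}

/* Every write is bounds-checked against the count that was really allocated. */
int slot_array_set(slot_array *a, uint32_t index, slot_t value)
{
    if (a == NULL || index >= a->count)
        return -1;
    a->slots[index] = value;
    return 0;
}

void slot_array_free(slot_array *a)
{
    if (a != NULL) {
        free(a->slots);
        free(a);
    }
}

int main(void)
{
    uint32_t hostile = 0x20000001u;   /* constructed count: 2^29 + 1 */
    slot_array *a;

    printf("unchecked size for %u slots: %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_bytes(hostile));
    a = slot_array_new(hostile);
    printf("checked allocator: %s\n", a ? "allocated" : "rejected");
    slot_array_free(a);
    return 0;
}
```

With the constructed count of 2^29 + 1, the 32-bit product wraps to 8 bytes, which is why the unchecked form yields a heap block far smaller than the number of slots the caller goes on to write.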
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixes installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
From the advisory, which is now in my mailbox, (though it wasn't a few hours ago when I left work) Microsoft was initially notified last July, iDefense's (paying) clients were notified in January and we, the great unwashed, are just hearing about this now.
Actually the receptionist(!) at work forwarded me a news story about this from the local tabloid newspaper this afternoon, but the article was so non-technical that it was impossible to tell what exploit they were talking about (and there were no links
Maybe this is a stupid question, but what is the point of enabling such a feature as running executable code received in an e-mail? I know what everybody on Slashdot thinks (except for those 1337 H4X0RZ who find this useful). I just want to know the answer from the inventor of this "feature".
Hearing about this bug, I thought I should run another Windows Update on my game box... just to be safe. Well, it ran as normal, but when I rebooted (as you ALWAYS have to do after an update), I noticed something strange. I didn't get the usual login prompt.
Apparently, the update broke my Windows Networking! I tried it on a couple other computers, and they all did the same thing. Network was still working fine for TCP/IP, but I couldn't see any other computers in the "Neighborhood".
There was one worm going around about a year and a half ago, that would get launched from the preview screen without the email being specifically opened. Well, we had finally gotten it mostly cleaned from our systems and one guy was checking his hard drive. He clicked on a file he didn't recognize, it tried to show the web-formatted document in a preview, and launched the script again.
I guess my point is that many people will launch the script without opening the email, simply because as soon as the he
Does anyone know if this flaw got beyond the theoretical level - i.e., were any exploits discovered, "in the wild"?
> When a (serious) MS bug is found...
Well, we already know one "military" server was owned by an unknown cracker, so exploits already exist out there, and they are being used.
In other words, yes it is biased reporting (what else do you expect on /.?), but there are very different levels of severity here. Bugs are everywhere, but no
For the lazy...... (Score:4, Informative)
Re:For the lazy...... (Score:5, Funny)
Worms don't have legs anyway, do they?
Gotta love (Score:2)
Re:For the lazy...... (Score:3, Interesting)
In order to keep it secret... (Score:5, Funny)
Re:In order to keep it secret... (Score:4, Funny)
Re:In order to keep it secret... (Score:5, Funny)
Re:In order to keep it secret... (Score:5, Funny)
Is this Monday? (Score:5, Funny)
Re:Is this Monday? (Score:5, Funny)
Ain't competition great?
Re:Is this Monday? (Score:2)
Now that was funny!
Re:Is this Monday? (Score:5, Funny)
Isn't Redhat a distro, Elmer?
Re:Is this Monday? (Score:2)
Realize that neither myself nor grub.net has no
Mod up (Score:2)
any other info about this?
Patch (Score:1)
Quite funny really (Score:2)
Of course, MS has been getting screwed in the server market for years and so this is not quite as big as they think...plus it's a week old story!
Re:Quite funny really (Score:3, Insightful)
Heh. (Score:2, Funny)
The Early Bird OS?
There seems to be some discrepancy here... (Score:5, Interesting)
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
Russ Cooper is a security expert for TruSecure Corp., based in Herndon, Va.
There seems to be some disagreement on the exploitability of this.
Re:There seems to be some discrepancy here... (Score:5, Informative)
The article describes a remote root exploit that affects IIS servers.
You are citing an article on a remote root exploit based on a user reading an email or visiting a web site.
Different remote root exploits. The IIS one is expected to be a pain, the email reading/website visiting one is not.
Not webdav (Score:5, Informative)
http://www.microsoft.com/security/security_bullet
Re:Not webdav (Score:2)
Every one of these links refers to MS03-007 and not MS03-008.
Re:Not webdav (Score:2)
The lockergnome one, which is the one from today:
http://www.lockergnome.com/update/archives/week_2003_03_16.html [lockergnome.com]
It makes reference to emails and html pages, which relate to the vuln I referred to.
BTW, it looks like details are available now:
http://lists.netsys.com/pipermail/full-disclosure/2003-March/004574.html [netsys.com]
Re:Not webdav (Score:2)
Re:Not webdav (Score:2)
http://lists.netsys.com/pipermail/full-disclosu
what day is it again? (Score:5, Funny)
Re:what day is it again? (Score:2, Interesting)
Re:what day is it again? (Score:2)
Dupe? (Score:2)
Re:Dupe? (Score:2)
Big Worm? (Score:5, Funny)
I heard he smoked a fool over 20 bucks!
Re:Big Worm? (Score:4, Funny)
Web security news and papers (Score:1, Informative)
www.cgisecurity.com/lib [cgisecurity.com]
It doesn't look good for OS X (Score:5, Funny)
You might want to cover your Macintosh with a thin layer of paraffin, or place it in a plastic bag this week; that should deter any worms.
How to check if you are vulnerable (Score:5, Funny)
Xenix (Score:1)
Damn! That means my Microsoft Xenix system is vulnerable! How do I unstall this patch on Xenix? Is Xenix the same thing as XP?
Re:Xenix (Score:5, Funny)
I remember it, it really was bad.
This is NOT working!!!! (Score:5, Funny)
YOU WON'T BE ABLE TO TELL THE VERSION FROM THIS!
Microsoft must be saying something wrong!!!
I got a window popping up, the title was "Sorry - KDesktop", and then "winver" and "Could not run the specified command!"
So it's not working. QED.
Re:This is NOT working!!!! (Score:2)
Re:How to check if you are vulnerable (Score:2)
I am running a strange version of Windows (Score:2)
Not again (Score:1)
Can bug affect hotmail or yahoo email? (Score:1, Interesting)
Re:Can bug affect hotmail or yahoo email? (Score:2)
Yes, since it seems that it is actually the Windows Script engine (shared by IE, OE and the OS) that is the problem.
For more: click here. [microsoft.com]
Re:Can bug affect hotmail or yahoo email? (Score:2, Informative)
Re:Can bug affect hotmail or yahoo email? (Score:2)
lets play a game (Score:4, Funny)
xao
Re: (Score:2)
Re:lets play a game (Score:2)
MPL (Score:1, Flamebait)
Maybe this is their version of "open source".
Ho Hum... (Score:1)
Eeep! (Score:2)
Cool! (Score:2)
Exploit (Score:2)
I like it how he doesn't go on to give any technical reasons why there won't be widespread exploit attempts.
Pbbbbttt (Score:1, Redundant)
DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE DUPE
Hey guys.... how about writing a routine that checks URLs in submitted stories vs. those already posted? Surely that would cut down on these repeats.
Re:Pbbbbttt (Score:2)
Nick...
Re:Pbbbbttt (Score:2)
Two separate vulnerabilities (Score:5, Informative)
In case you are curious... (Score:5, Informative)
Re:In case you are curious... (Score:2)
Re:In case you are curious... (Score:2)
Quoteth the parent:
According to Microsoft's advisory this exploit is only able to run with user privileges. Although on Win9x this is always "root" it really shouldn't be the case on 2000 and XP. Because you really don't use your Administrator-account to browse the web, do you?
Re:In case you are curious... (Score:2)
Re:In case you are curious... (Score:2)
Considering how often such issues come up, it's almost inevitable that such "coincidences" should happen semi-regularly.
Big worm (Score:5, Funny)
Truth suffers from too much analysis.
Ancient Fremen Saying
Microsoft's lesson from Herbert (Score:5, Funny)
Shai-Hulud's a-coming!
Re:Microsoft's lesson from Herbert (Score:3, Funny)
That will be natural for me....I'm Caucasian.
Deepest Apologies... (Score:2)
it won't attract the worm
Surf without I.E.
and it won't attract the worm
Surf without I.E.
and it won't attract the worm
Surf without I.E.
ah, you'll never burn
Re:Deepest Apologies... (Score:3, Funny)
Don't worry! There are mitigating factors. (Score:2, Funny)
From the "Mitigating Factors" section of Microsoft's bulletin:
- For an attack to be successful, the user would need to visit a website under the attacker's control or receive an HTML e-mail from the attacker.
They forgot some other mitigating factors, like:
- the user's machine would have to be connected to a source of AC power
etc.
we are almost at war, you know... (Score:5, Funny)
the press will call it the "mother of all worms"
Oh yeah, baby... (Score:5, Funny)
Microsoft Bug May Attract Big Worm
So there I was at a Halloween party. This woman dressed up as a giant insect walks up. I realise she has a Microsoft logo on the chest of her costume.
I was hooked.
"So," she asked "does me being a Microsoft Bug make your Big Worm want to come out and play?" I was flabbergasted.. There I was being asked this by the woman of my dreams and I was wearing a Tequila Bottle costume...
/. Headline (Score:2)
old news... (Score:2)
IOW, it's Yet Another Java 'Sploit; turn off ActiveX and Javascript [or just not use IE] and yo
I sometimes wonder (Score:5, Interesting)
I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).
But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user competence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.
This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.
Re:I sometimes wonder (Score:5, Funny)
Re:I sometimes wonder (Score:2)
Re:I sometimes wonder (Score:2)
But can he make people's heads explode like in Scanners?
Worms *don't* have legs! (nt) (Score:2)
Contradictions from the experts (Score:5, Interesting)
This story [gcn.com] quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story [nwsource.com] quotes Cooper: "'I doubt we will see an attack based on this,' Cooper said. 'It's pretty unlikely any such exploit attempt will get legs.'"
Re:Contradictions from the experts (Score:4, Informative)
He's probably also not too far off with the jscript integer overflow either. It's usually difficult to write an exploit that will work for all the different OS and jscript.dll versions, without simply crashing on a mismatched version. That makes an effective worm a lot less likely.
The Details (Score:5, Informative)
Technical description:
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
Frequently asked questions:
What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of his or her choice to be executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script Engine for the JScript scripting language, JScript.dll.
What is a scripting language?
Scripting languages can be used to add additional functionality to HTML web pages or operating systems. They can enable a web author to set and store variables, and work with data in the HTML code. For instance, a script can be used to check the version of the web browser a user is running, validate input, work with applets or controls, and communicate to the user.
In addition, scripts can be used in Windows to automate operating system tasks such as changing settings or mapping a network drive.
What is a scripting engine?
The Windows Scripting Engine serves as the component within Windows that interprets and executes script code written in scripting languages such as JScript or VBscript.
What is JScript?
JScript is the Microsoft implementation of the ECMA 262 language specification (ECMAScript Edition 3).
It is an interpreted, object-based scripting language. In general, JScript has fewer capabilities than full-fledged object-oriented languages like C++. Stand-alone applications cannot be written in JScript, for example. JScript scripts can run only in the presence of an interpreter or "host", such as Active Server Pages (ASP), Internet Explorer, or Windows Script Host.
What's wrong with the Windows Script Engine for JScript?
There is a flaw in the way the JScript scripting engine processes the script. It does not correctly size a buffer during a memory operation.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of the attacker's choice to run with user privileges on the system.
If I am not using Internet Explorer do I need the patch?
Yes. The vulnerability exists in the Windows Script Engine. Microsoft recommends all customers install the patch immediately.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that contained specially formed script code. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page could launch the script and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerab
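The bulletin text quoted above says only that the engine "does not correctly size a buffer", and another comment in this thread calls it an integer overflow. As an added illustration (not Microsoft's code and not part of any comment here; the function names, element size and counts are assumptions), this C example shows how a size calculation truncated to 32 bits produces an undersized heap request, and how a checked calculation rejects it:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes actually required for `count` elements, computed in 64 bits. */
uint64_t bytes_needed(uint32_t count, uint32_t elem_size) {
    return (uint64_t)count * elem_size;
}

/* Flawed pattern: the product is truncated to 32 bits before it reaches
 * the allocator, so a huge count can yield a tiny request. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size) {
    return (uint32_t)bytes_needed(count, elem_size);
}

/* Checked pattern: returns 0 and stores the size, or -1 if it would wrap. */
int checked_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hardened allocator: refuses any request whose size is not representable. */
void *alloc_elements(uint32_t count, uint32_t elem_size) {
    uint32_t bytes;
    if (checked_alloc_size(count, elem_size, &bytes) != 0)
        return NULL;
    return calloc(bytes ? bytes : 1, 1);
}

int main(void) {
    /* Constructed values: a script-controlled element count, 4-byte elements. */
    uint32_t count = 0x40000001u, elem = 4;
    printf("needed   : %llu bytes\n", (unsigned long long)bytes_needed(count, elem));
    printf("unchecked: %u bytes requested\n", (unsigned)unchecked_alloc_size(count, elem));
    void *p = alloc_elements(count, elem);
    printf("checked  : %s\n", p ? "allocated" : "request rejected");
    free(p);
    return 0;
}
```

With the unchecked size, any loop that then writes `count` elements runs far past the end of the small allocation, which is the heap overflow class the bulletin names.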
Re:The Details (Score:2)
Here is a working link: How to Disable Active Content in Internet Explorer [microsoft.com]
Windows Update not working? (Score:5, Interesting)
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixes installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
another dupe? (Score:5, Funny)
I can't believe I read it here first (Score:2, Interesting)
Actually the receptionist(!) at work forwarded me a news story about this from the local tabloid newspaper this afternoon, but the article was so non-technical that it was impossible to tell what exploit they were talking about (and there were no links
Running code (Score:2)
s/feature/bug/g if $OS=="Windows"
Easier/Safer Update? (Score:2)
Hey everyone,
Has anyone found a place to download this patch without Windows Update? After recent discoveries [slashdot.org] I'm kinda reluctant...
Thanks!
Freaking Windows Update!! (Score:2)
Apparently, the update broke my Windows Networking! I tried it on a couple other computers, and they all did the same thing. Network was still working fine for TCP/IP, but I couldn't see any other computers in the "Neighborhood".
Only w
Previews in folder windows run scripts (Score:2)
I guess my point is that many people will launch the script without opening the email, simply because as soon as the he
The score so far this week: (Score:2)
Linux: 1
Bets for the end of the week, anyone?
Information warfare (Score:2)
Did anybody else read: (Score:2)
I'm sitting there thinking -- why would fatties have a thing for Microsoft? Bloated code?
Oh, never mind. Just wanted to blow some karma chunks.
Not a dupe! (Score:2)
Re:Why Navy rules.... (Score:1, Offtopic)
Re:Why Navy rules.... (Score:2, Funny)
(Defense, software, navy, RH6.2)
Who knows, maybe we sit at adjacent desks...
If that's the case, next time, will you fill
the friggen' coffee machine up when you take
the last cup?
T&K.
Re:Why Navy rules.... (Score:2, Offtopic)
Hasn't Red Hat stopped support of 6.2? Hmmmmm...
Re:Why Navy rules.... (Score:2, Offtopic)
Not until March 31st.
http://www.redhat.com/apps/support/errata/ [redhat.com]
Of course, I didn't see an update to their 2.2 series kernels in the RHSA for the ptrace vulnerability...
Re:Is there a Slashdot type site just for CODERS? (Score:3, Informative)
Re:Is there a Slashdot type site just for CODERS? (Score:2)
Re:Nice "reporting" (Score:2)
Does anyone know if this flaw got beyond the theoretical level - i.e., were any exploits discovered, "in the wild"?
> When a (serious) MS bug is found ...
Well, we already know one "military" server was owned by an unknown cracker, so exploits already exist out there, and they are being used.
In other words, yes it is biased reporting (what else do you expect on /.?), but there are very different levels of severity here. Bugs are everywhere, but no