Security Bug Operating Systems Software Windows

3 New Windows Security Problems Found

Posted by timothy
from the now-wait-for-the-baffling-no-problems-in-years-claimants dept.
DotNM writes "USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product. It describes the issues and urges users not to download .hlp files from email attachments. Apparently there are issues, even for a Windows XP system patched with Service Pack Two."

  • by Prince Vegeta SSJ4 (718736) on Saturday December 25, 2004 @01:00PM (#11181145)
    Merry X-Mas from your friends in Redmond! Geez do they even search for flaws on their own?
    • Wow, I've gotten everything I wanted for Christmas now, except maybe a home invasion, or rape or something.
    • by upsidedown_duck (788782) on Saturday December 25, 2004 @02:17PM (#11181406)
      Geez do they even search for flaws on their own?

      I'm sure Microsoft has an internal issue tracking system. Actually, I'd bet that's what motivated them for putting 64-bit support in Windows!
    • Yeah! Tell me about it. Nice present from Redmond guys. But let me tell you a happy story! Open Source world gave me the nicest Christmas present I could ever imagine! (well.. I had to download some software and compile a few libraries to make it work, but..)

      Linux audio community gave me Yamaha DX-7 [vintagesynth.org] synthesizer! This is my dream come true, I can now play some great tunes that made this synthesizer one of the most well known synthesizers. This synthesizer was used on U2's Unforgettable Fire and The Joshu
    • Four Windows exploits,
      Three Windows exploits,
      ...

      Man, I'm getting tired of that song!

  • by Ligur (453963) <or_inanc AT hotmail DOT com> on Saturday December 25, 2004 @01:01PM (#11181155) Homepage
    Millions of grains of sand found!
  • by jamesgray (824292) on Saturday December 25, 2004 @01:01PM (#11181156)
    "Microsoft Corporation's popular Windows desktop operating system product."
    What? Is there a minimum number of characters for a /. headline?
    Ha.
    • by mattdm (1931) on Saturday December 25, 2004 @01:18PM (#11181223) Homepage

      "Microsoft Corporation's popular Windows desktop operating system product."
      What? Is there a minimum number of characters for a /. headline?


      Look, not everybody instantly recognizes the names of every random computer program in existence. There's millions of 'em out there, and, especially for this one with its generic and not-very-descriptive name, it's good to provide some context. Sure, you might be a Microsoft Windows expert, but not everyone here is, y'know? How would you like it if there were a story about something called "Linux" without explaining what that was?
  • ANI... (Score:5, Informative)

    by Stile 65 (722451) on Saturday December 25, 2004 @01:02PM (#11181159) Homepage Journal
    According to a report on eWeek.com, one of the three vulnerabilities involves image handling, which has posed problems for Windows and Unix systems in the past. The other two vulnerabilities involve Windows' Help system and its .hlp files, and Windows' ANI (Automatic Number Identification) authentication capabilities.

    That's what ANI is in the context of telephone networks. In the context of a Windows system, it's an animated mouse cursor.

    Besides, these vulnerabilities were announced yesterday morning on Slashdot!
  • less than a day (Score:1, Redundant)

    by neoform (551705)
    and somehow they dupe the story..

    I mean camman, just read back 10 posts and you'll see the exact same story...!
  • "A Chinese security group reports..."

    Why does this not inspire confidence?

    "Users are urged to block e-mail attachments arriving with .hlp files attached and strongly encouraged to read e-mail in plain-text format to keep malicious images from utilizing LoadImage."

    This is new advice? Jeez, now my whole mail paradigm is hosed.
  • by Anonymous Coward on Saturday December 25, 2004 @01:08PM (#11181190)
    ...two turtle doves and a partridge in a pear tree!
    • On the 12 days of bootmas, Microsoft gave to me:
      • 12 default settings,
      • 11 managers reassuring,
      • 10 urgent memos,
      • 9 infected networks,
      • 8 users downloading,
      • 7 crashed machines,
      • 6 admins patching,
      • 5 security flaws,
      • 4 service packs,
      • 3 hot fixes,
      • 2 schedule delays,
      • and a buffer overflow exploit!
  • "Issues"? (Score:5, Insightful)

    by John Hasler (414242) on Saturday December 25, 2004 @01:09PM (#11181191) Homepage
    > Apparently there are issues...

    What has become of the word "problem"? "Issue" is marketdroid-speak.
    • Re:"Issues"? (Score:2, Interesting)

      by glomph (2644)
      Microsoft degrades technology, the concept of business fair play, and The English Language, too [around.com].
    • Hewlett-Packard used to use the word "defect", by policy.

      That ended some years ago.

    • What has become of the word "problem"? "Issue" is marketdroid-speak.

      Quick answers to that question:

      1. Your browser must not recognize sarcasm tags.
      2. You can't have problems with something that does not exist, like Windows security, only never ending issues.
      3. If you are using Windows, you are already walking the marketroid walk, you might as well talk the talk.
      4. You are fired.

      Any more questions?

  • dupe (Score:1, Informative)

    by Anonymous Coward
    dupe. [slashdot.org]
  • Good Tidings to all, and HO! [yahoo.com] HO! [yahoo.com] HO! [yahoo.com]
  • by NotTheEgg (839387) on Saturday December 25, 2004 @01:13PM (#11181206)
    Apparently there are issues, even for a Windows XP system patched with Service Pack Two.

    *Gasp* Oh my god! Not SERVICE PACK 2, the horror ...
    • and the SP2 one isn't really an exploit as much as it is a stupidity check.

      "Gee! Bob from Accounting sent me this brand spankin' new Help file in my E-mail for Christmas! He's So Helpful! I'd better click on it because Bob told me to in his E-mail!"

      I mean come on. At this point everyone and their uncle should know not to open attachments unless you were expecting it from someone considering the media coverage these types of viruses get. In fact, Outlook Express blocks .hlp files by default, Of course mo
      • You seem to be a bit out of touch with reality....

        The average user has no clue that they should not open attachments. The average user doesn't read media that warns about not opening attachments. They watch Desperate Housewives and Biker Build-off and Cops and America's Funniest Videos.

        Don't for one second think that the average user has any clue about what to do or not do in Windows or any other OS for that matter.

    • SERVICE PACK 2: The Horror

      I'm still waiting for SERVICE PACK 3: The Search for Service Pack 2.
  • by Gaima (174551) on Saturday December 25, 2004 @01:16PM (#11181214)
    Users are urged to ... and strongly encouraged to read e-mail in plain-text format to keep malicious images from utilizing LoadImage.

    ....

    Sign up to receive our free Tech e-newsletter and get the latest tech news, Hot Sites & more in your inbox.

    E-mail:

    Select one: HTML [x] Text [ ]


    err....?

  • Every time new vulnerabilities are announced, they say, "don't do this, don't download that, don't use this or that program/feature/bug". Enough of this has gone on that every program that was of any use in Windows is now unusable for fear of remaining undiscovered holes/patches that didn't take.

    Let's now compile a list of these to give to people in order to convince them to switch to Linux. Meanwhile, so much functionality has been rendered unusable that when the next hole is found, they'll have to tell p
  • News flash (Score:3, Insightful)

    by SQLz (564901) on Saturday December 25, 2004 @01:21PM (#11181228) Homepage Journal
    ....even for a Windows XP system patched with Service Pack Two.

    Hey, let me give you all a tip.....even if the future service packs for XP reach version 10, it will always be insecure and full of critical issues that are discovered by people other than Microsoft.

    At least with Linux, the community usually discovers them first and before the problem is made public there is already a patch available. Now, these poor saps with Windows machines will probably have to wait weeks for a patch. Meanwhile, their machines are being zombified as I type and turned into spam gateways.

    • SP2 sets it up by default to automatically download patches. You can have it do everything in the background (default), let it inform you of updates, or do it manually. And Microsoft is darned good at releasing patches for their software to boot.

      • that's real great so when my .hlp files edit /system32/drivers/etc/hosts

        and redirects windows update I can automatically get all my "updates" for "free"

    • ...but Linux is just a kernel. Would your thinking protect against the Santy worm? (on all platforms - including Linux)

      If so, how come as I write there are 670,000+ defaced sites?

      Now what if someone had included zombie code in perl?

      I'm not dissing Linux here but open source is not the holy grail of security. Something, somewhere, is always going to be a problem.
      • If so, how come as I write there are 670,000+ defaced sites?

        There are that many defaced phpBB sites because not all users or hosters know about proper setting of file permissions. Our unpatched sites were attacked for a MONTH (attacks started 21 November) prior to my hearing about the PHP and phpBB bugs, and were never damaged... Because the user 'apache' doesn't have write privileges in any of the directories that are accessible to the exploit. No writing means no defacing.

        And that situation applies to b

        • There are that many defaced phpBB sites because not all users or hosters know about proper setting of file permissions.

          ...which is precisely my point. PHP4 is open source, phpBB is open source, Linux is open source, yet sites were compromised. Simply using OSS does not a secure system make.
    • Normally I would agree with you, but as a sys admin who runs several web servers, all with php, the latest php bug was a huge problem for me.

      I was getting attacked a month ago with the phpBB exploit that php-4.3.9 and prior versions were open to. The patch came out a week ago.

      Sorry, I love *nix and open source, but it's not a silver bullet. Every now and then it falters.

      *I realize php != linux, but both being open source, it demonstrates that the concept while a good one, is not automagic.
  • ...urges users not to download .hlp files from email attachments.

    Yet people will continue opening strange attachments.
    I hardly blame Microsoft for this with people uneducated enough to open a .hlp file attachment, or any random attachment that reaches their inbox.
    Merry Christmas, learn how to use the technology you spend your cash on, etc. Love Wilson.
  • by dingletec (590572) * on Saturday December 25, 2004 @01:42PM (#11181288)
    Even with the daily list of vulnerabilities, viruses, BSOD's, lock-ups, Windows Protection Errors, Ooga-Booga dances to keep the machine running, Windows XP is still the best OS out there! Linux may be stable, virus-free, more secure by design, have tons of free software available, frequent updates, and no restrictions on how many times you install it or where, but it is definitely not ready for the desktop. I mean, it may have more features than Windows, easily connect to just about any type of network service, but really, who can say that it's ready for people to use? So what if it takes under 20 minutes to install a full system with more software than I would ever want to use. Five hours of installation, patching, inserting software cds, installing and updating virus protection, installing effective firewall software, finding device drivers, entering license numbers for an equivalent system in Windows is a small thing compared to what you get with Windows, whatever that means... So what if there are Linux desktops that have not needed rebooting in nearly 2 years, and the only work performed on them was to type "apt-get upgrade dist"? That's just too boring and predictable! What fun is there in that? So what if you can install or upgrade all currently installed software over the internet with one command or by selecting it and clicking install? I'm sorry, but Linux is not ready for the primetime, not "Enterprise" ready. I'm not sure what that means, and frankly I'm not sure anyone else who says that does either, but they are absolutely correct! I can vouch for it.
  • Oh c'mon. (Score:5, Funny)

    by Deal-a-Neil (166508) on Saturday December 25, 2004 @01:50PM (#11181316) Homepage Journal
    This is old news. If we're going to have articles about security issues with Windows, we might as well just have a static link to Microsoft.com on Slashdot's front page.

    Here's one of the permanent security bulletins to put on that static link description: Do NOT open any attachments in Outlook, at all. I mean, this is becoming one of the basic rules like, "Don't touch the stove, little Jimmy.. HOT! Very hot."

    Happy Christmas, Harry! Happy Christmas, Ron.
  • NX != security (Score:2, Informative)

    by generationxyu (630468)
    SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap, which can be just as bad. Also, if the return address is simply changed to an address on the heap, code in the heap can be executed. The heap has the executable bit, because of dynamic libraries loaded into the heap.
    • Re:NX != security (Score:2, Informative)

      by hobo2k (626482)
      Two things: SP2 supports NX only where available. Not many people have hardware that supports it.

      Secondly, dlls are not loaded into "The Heap". In fact, the entire dll is not even executable. The PE header of a dll or exe specifies which segments are executable and which are not.

      www.prcview.com has a program which will show you the layout permissions for a process's memory.

      You are certainly correct that no one thing will solve all security problems. But everything else in your post is plain wrong
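
The point in the comment above, that the PE header records which sections are executable, as an added example that is not part of the original thread: it reads the section table of a PE image and reports each section's read/write/execute flags. The sample image is constructed (headers only, no code) and the `.stub` section name is an assumption for illustration.

```python
import struct

# Section characteristic bits defined by the PE/COFF format.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(image: bytes):
    """Return [(section name, 'rwx'-style permissions)] read from the PE headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of "PE\0\0"
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    if coff + 20 > len(image):
        raise ValueError("COFF header truncated")
    _machine, count, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(count):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(image):
            raise ValueError("section table truncated")
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, off + 36)
        perms = "".join(ch if flags & bit else "-" for ch, bit in (
            ("r", IMAGE_SCN_MEM_READ),
            ("w", IMAGE_SCN_MEM_WRITE),
            ("x", IMAGE_SCN_MEM_EXECUTE)))
        sections.append((name, perms))
    return sections


def writable_and_executable(sections):
    """Names of sections mapped both writable and executable (worth a closer look)."""
    return [name for name, perms in sections if "w" in perms and "x" in perms]


def build_sample() -> bytes:
    """Constructed header-only image: DOS header, COFF header, three section headers."""
    def section(name: bytes, flags: int) -> bytes:
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0, 0, 0, 0, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x2102)  # i386, 3 sections
    return (dos + b"PE\0\0" + coff
            + section(b".text", 0x60000020)    # code, read + execute
            + section(b".data", 0xC0000040)    # initialized data, read + write
            + section(b".stub", 0xE0000020))   # constructed read + write + execute case


if __name__ == "__main__":
    for name, perms in pe_sections(build_sample()):
        print(f"{name:8} {perms}")
```
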

    • Re:NX != security (Score:2, Informative)

      by btg (99991)
      Sorry, you have no idea what you are talking about. First of all, NX doesn't really have much to do with stack buffer overflows in particular - you'd normally mark the heap as NX too - you are thinking (and here I give you the benefit of the doubt) of the Stackguard-like protection (stack canary) with which all SP2+ apps are compiled. Anyway, NX is only relevant with processors that support that flag.

      Secondly, SP2 contains a BUNCH of useful technologies which are actually specifically designed to make heap
    • Re:NX != security (Score:3, Informative)

      by kasperd (592156)
      SP2 adds NX "protection." While this adds protection against buffer overflows on the stack, it does nothing for overflows on the heap,
      In Linux it is easier to use NX to protect the heap than to use NX to protect the stack. That is because on the heap, every allocation is explicitly marked executable or not executable. On the stack OTOH you don't have any way to know, if a particular page needs to be executable or not. Not all applications need an executable stack, but gcc used to use the stack for trampo
  • ... in 10 Oracle exploits posted on Bugtraq earlier. It's holiday time anyway, those DBs can wait.[/sarcasm]
  • And the purpose (Score:2, Interesting)

    by BCW2 (168187)
    of shit pack 2 was what? I guess to just add more ineffective bloat ware to everyone's computer.

    On one customer's laptop (auto update allowed) SP2 changed the language to Bosnian. Format re-install, disable auto screw up.

    SP2 and Norton Internet Security 2003, or 2004 will almost always cause enough conflicts to require a R&R.
  • Even before this, I've been wondering if there is an alternative to the MS Help viewer (hh.exe) for CHM files, like xCHM in Linux?

    I did get xCHM running under Cygwin but for some reason the images don't show up...
  • We've seen this one [slashdot.org] before.

    But last time, the submitter at least got the comments right.
  • by handy_vandal (606174) on Saturday December 25, 2004 @02:14PM (#11181402) Homepage Journal
    USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product.

    Accurate, but not accurate enough for my taste.

    The post should actually read:
    ... a story that outlines three
    Security Issues (TM) in Microsoft Corporation's popular Windows ...
    -kgj
  • SP2 is not vulnerable to the ANI or LoadImage exploits that the article describes. It is however vulnerable to a variation of the hlp heap overflow exploit.
  • Why is this news? (Score:1, Flamebait)

    by AhBeeDoi (686955)
    Let me know when MS does something right. That will be news.
  • by Tengoo (446300) on Saturday December 25, 2004 @02:54PM (#11181506)
    You know how on that show Cops, you'll occasionally see some redneck guy being stuffed into a police car? Then, in the background, you can hear his bloodied and bruised other half screaming (usually in a southern accent) 'I love him, don't you take him away!'

    This runs through my mind each time another friend of mine replaces his dead Windows box with another. I believe Windows users like to be hit.
  • granted that the world's weasels are lining up six wide to get the next windoze crack out there and on the SANS list. granted that a cardboard sign being held by the highway reading "hit me, take my money, run and have fun" confers greater security than windows. there are still things that need running, according to corporate characters, that require the MS OS to run them.

    Now, the real question. is the sandbox secure in virtual PC / XP running on MacOS X, by any chance? I either have to upgrade a mach
    • It can't affect the OSX system, if that's what you mean, unless you have a setup for sharing files between them and are running as root on OSX. Which you shouldn't be doing anyway.

      As for Windows inside the sandbox, that's as unsecure as Windows on a real PC.
      • as good as I expected to hear. thanks, lacklan76. I don't think I will be rooting around while VPC is up, that's a compatibility box for particular app possibilities to me.

        one thing about the sandbox, if it's not leaky, all the "cats" on Da ISH can dump in it and stink it up, but the native kernel being protected is always upwind. you can restart VPC if things get bad.
        • I use VMWare personally though, but Virtual PC might have a mode to restore the disk drive to a base state after every boot (kind of like deepfreeze). VMWare does.

          You can use Samba to keep all your files on the OSX box, using the bridged network. That way, when it does get full of malware, you can just reboot and it's clean again.
  • I just wanted to point out that somebody at usatoday.com has a sense of humor:

    2004-12-24-we-three-winholes_x.htm
  • I really hate to rain on Timothy's parade, but not only is this story a dupe, it's looking more and more like a hoax. Secunia [secunia.com], no fan of Microsoft, has not even been able to repro any of these on a fully patched SP1 system, much less on an SP2 system. In addition, I tried to repro the last of these on an SP2 system, and could not do so.

  • by WhoDaresWins (601501) on Saturday December 25, 2004 @05:31PM (#11181983)
    The one vulnerability that does affect SP2 cannot be remotely exploited. So clicking on a link to a .hlp file on a web page or email does nothing much. You have to explicitly save the file and then execute it. Check it out yourself here -
    http://www.xfocus.net/flashsky/icoExp/ [xfocus.net] (Do it at your own risk)

    That's so much user interaction that it's a low risk issue. If you can convince the user to do that then you might as well send him an exe file and tell him to save and execute that. How about sending a gun with instructions - "point at foot and press trigger" ... Not everyone knows or has tools to make .HLP files. So yes that one exploit is worrisome but not much. Just block .HLP files on the mail server for the dumb users who will shoot themselves in the foot no matter what. Also it's not like there are tons of sites out there having .HLP files linked in web pages. And even if they are, the user needs to make significant interaction to get exploited. So end result, you are pretty okay on SP2 with sensible users.
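
The mail-server block on .hlp attachments suggested in the comment above, as an added example that is not part of the original thread: a filter check that walks every MIME part, including forwarded messages, and matches on the normalized extension. The sample message and its filenames are constructed, and hooking the function into a particular mail server is left out.

```python
import email
import os
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = frozenset({".hlp"})  # the attachment type this thread is about


def blocked_attachments(raw: bytes, blocked=BLOCKED_EXTENSIONS):
    """Return the attachment filenames in a raw message whose extension is blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() descends into multipart containers and forwarded message/rfc822 parts.
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if not name:
            continue
        # Windows drops trailing dots and spaces when a file is saved,
        # so "card.hlp." ends up on disk as "card.hlp".
        cleaned = name.strip().rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in blocked:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed message: a harmless image, a disguised .hlp, and a forwarded mail."""
    inner = EmailMessage()
    inner["Subject"] = "Fwd: help file"
    inner.set_content("See attached.")
    inner.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="Setup.HLP")

    outer = EmailMessage()
    outer["Subject"] = "Season's greetings"
    outer.set_content("Hello.")
    outer.add_attachment(b"constructed bytes", maintype="image",
                         subtype="png", filename="tree.png")
    outer.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="card.hlp.")
    outer.add_attachment(inner)  # attached as message/rfc822
    return outer.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```
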
