Oops! Missed One Fix — Windows Attacks Under Way
CWmike writes "Microsoft says attackers are now exploiting a critical Windows bug that it didn't get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009." Update: 12/10 22:28 GMT by T : OK, there might have been more than one: reader Simon (S2) writes "There is an even more serious flaw ... From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'"
That's good thinking... (Score:5, Insightful)
Holding back your zero day exploits until directly after the MS Patchday...if your bug hasn't been removed, then you have up to a full month of time to abuse it.
Clever.
Re:WordPad exploitable? (Score:4, Insightful)
IIRC WordPad can handle some embedded objects in .rtf (and other??) files. I'm guessing the exploit takes advantage of a vulnerability with one of those embedded types or the handling of them.
Just a guess, and I'm posting before reading.
Re:::yawn:: nothing to see here, as usual. (Score:4, Insightful)
exploiting the weak link in the chain: your average user
Re:WordPad exploitable? (Score:5, Insightful)
People know not to open executable files (.exe) and even for more obtuse executables (.scr, .cmd) most systems and mail clients are smart enough to warn that it's executable content.
For data files like .jpg or .wri, neither the user nor the system probably considers the file dangerous. So these types of exploits should be considered more dangerous than the completely-idiotic "e-mail people virus executables".
Especially considering many of these viruses propagate through address books (i.e., trusted contacts).
But yes, at least it's not a completely automatic remote exploit.
Re:WordPad exploitable? (Score:2, Insightful)
No, it must be a buffer overflow that results from reading the file. Applications can't be made to do things they were not designed to do, but they can be used as tangential attack vectors [wikipedia.org] by forcing them to interact with malicious data.
Don't open unrequested email attachments from strangers and stop running Windows under an admin account and you'll effectively eliminate the chances of being hit by something like this. These "attacks" are mostly social engineering anyway.
Re:I don't understand (Score:2, Insightful)
Wordpad is like Notepad, except it can actually parse UNIX line endings :) :)
Sigh, I tried to brighten up the situation. Yes, you're right, both are crappy and annoying as hell :)
Re:::yawn:: nothing to see here, as usual. (Score:5, Insightful)
I wouldn't really think long before opening a .wri file. I must admit. .wri doesn't have script etc. capability to start with.
I am sure most admins didn't set policies about .wri attachments like they did for .doc stuff either. It makes it a big threat since for most people, wri (or RTF) is basically styled text file, nothing else.
Re:When are you fucking morons in the IT industry (Score:3, Insightful)
To be fair, this comes from a legacy component of Windows, that was not only written long ago, but is also not vulnerable in the latest versions. So they DID learn, just too late.
It does remind me of the Twilight Princess exploit on the Wii though. With all the trouble game companies go to DRM their shit to hell and beyond, one of their programmers didn't check bounds while reading the save file (not checking bounds when reading a fucking FILE, WHAT THE FUCK), and it got pwned. So Nintendo defeated its own protection scheme. What morons...
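The failure mode this post describes, a file reader trusting a length field it did not check, as an added example in C (not code from the thread, Microsoft or Nintendo). It parses a constructed length-prefixed record format and shows the two checks the reader needs before copying a field: the claimed length must fit the remaining input, and it must fit the fixed destination buffer.

```c
/* Added example: defensive parser for a hypothetical record-based file.
 * Constructed format: [1-byte tag][2-byte little-endian length][payload]. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_MAX 16

typedef struct {
    uint8_t tag;
    char name[NAME_MAX + 1];   /* fixed destination the payload is copied into */
    size_t name_len;
} record_t;

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Parse one record from buf[0..len). Returns PARSE_OK on success and
 * rejects any length field that runs past the input or the destination. */
int parse_record(const uint8_t *buf, size_t len, record_t *out)
{
    if (len < 3)                       /* the header itself must fit */
        return PARSE_TRUNCATED;
    uint16_t field_len = (uint16_t)(buf[1] | (buf[2] << 8));
    if (field_len > len - 3)           /* claimed payload exceeds the file */
        return PARSE_TRUNCATED;
    if (field_len > NAME_MAX)          /* claimed payload exceeds the buffer: the check the post says was missing */
        return PARSE_TOO_LONG;
    out->tag = buf[0];
    memcpy(out->name, buf + 3, field_len);
    out->name[field_len] = '\0';
    out->name_len = field_len;
    return PARSE_OK;
}

/* Constructed inputs. */
static const uint8_t good_record[] = { 0x01, 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t lying_record[] = { 0x01, 0xFF, 0xFF, 'A', 'A', 'A', 'A' }; /* claims 65535 bytes */

int parse_good(record_t *r)  { return parse_record(good_record, sizeof good_record, r); }
int parse_lying(record_t *r) { return parse_record(lying_record, sizeof lying_record, r); }

/* Length that fits in the file (32 bytes present) but not in the 16-byte name buffer. */
int parse_oversize(record_t *r)
{
    uint8_t rec[3 + 32] = { 0x02, 0x20, 0x00 };
    memset(rec + 3, 'B', 32);
    return parse_record(rec, sizeof rec, r);
}
```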
Re:I don't understand (Score:2, Insightful)
Well, sorta, if your definition of the beginning of time is 1995 or thereabouts ;) Before then, we had Write [wikipedia.org] and its unhidable EOF character... This almost makes me want to fire up Windows 3.1 on some old machine and see if Write supported non-DOS line-endings like WordPad does.
</nitpicking>
--- Mr. DOS
Re:I don't understand (Score:4, Insightful)
This attitude is why Microsoft products have such a poor record for stability and security.
Computers SHOULD be designed for people who have no knowledge of the intricacies of operating systems.
Computers SHOULD be designed to be safe for beginners to use.
Computers SHOULD be designed so an unintended error does not result in a compromised system.
Computers SHOULD be designed to be robust enough to use without fear.
Operating system progress has virtually halted for more than a decade because of the Windows monopoly. THAT is the problem here, not users trying to come to grips with a needlessly complicated and inconsistent tool.
I HATE the way Microsoft's evangelists have switched to this "Blame the user" mentality to try shift attention from their failures. It's hypocritical, dishonest, and most of all, it allows them to sit on their laurels and continue serving up variations of the same stale OS they've been facelifting for the past 15 years.
Re:I don't understand (Score:3, Insightful)
If anyone at this point doesn't get that you don't open anything, from anybody, no matter what, then you will probably learn that Darwin is harsh even to the innocent.
That's different from saying they deserve it. These people are victims of malicious intent. That's like saying anyone who helps a stranger on the street deserves to be robbed. It might happen and 'Darwin is harsh', like you said, but that doesn't make it deserved.
The logic of 'they deserve it' also lets the criminal off the hook. If someone gets what they deserve, it's hard to see why the person who perpetrated that is guilty of anything in a moral sense.
Since this sequence (embedding a virus and changing the name to .wri) pretty much requires malicious intent, then to be infected you'd be opening a .wri file from an unknown source.
You mean like a worm email that comes from a friend's infected PC?
You should at least be asking yourself, if you know what a .wri is, then why did they send that format instead of, say, RTF?
People do odd things all the time. If you go a day without an odd thing happening, you must lead a very simple and sheltered life (which is odd in itself, so...).
Re:I don't understand (Score:3, Insightful)
Computers SHOULD be designed for people who have no knowledge of the intricacies of operating systems.
Depends on what they are going to do with them. See below.
Computers SHOULD be designed to be safe for beginners to use.
Yes, to use. But they will always need knowledgeable people to manage them, and any attempt to overcome this fundamental law of nature is doomed to cause lots of people to be infected by lots of malware.
Re:I don't understand (Score:3, Insightful)
Wordpad is like Notepad, only it can't make up its mind whether to be richtext or plaintext
What do you expect? Wordpad is 13 years old now. Things can be very confusing at that age.
I would have expected a degree of maturity with age, rather than confusion. Like Linux and Solaris, both a little older than WordPad and a damn sight more mature.