Windows open to critical vulnerabilities


Post by Copper » Wed Jan 12, 2005 6:39 pm

Windows open to critical vulnerabilities
Time to get patching
Robert Jaques, vnunet.com 12 Jan 2005


Microsoft has detailed three newly discovered security flaws, two of which it rates as 'critical' because they could allow hackers to take remote control of compromised PCs.

The critical MS05-001 bug uses a handling flaw in HTML to allow malicious third parties to run arbitrary code remotely on unpatched PCs. The vulnerability exists in the HTML Help ActiveX control in Windows.

"If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned.

An attacker could then install programs, view, change or delete data, or create new accounts with full privileges.

Users whose accounts are configured to have fewer privileges on the system could be less affected than those who operate with administrative privileges.

The other critical flaw centres on a vulnerability in cursor and icon format handling that could also allow remote code execution.

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change or delete data, or create new accounts that have full privileges, according to Microsoft's advisory.

"A remote code execution vulnerability exists in the way that cursor, animated cursor, and icon formats are handled," Microsoft stated.

"An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious website or viewed a malicious email message."

The third vulnerability, rated as 'important', has been found in the Windows Indexing Service that could allow remote code execution on an affected system. Microsoft pointed out that Indexing Service is not enabled by default on affected systems.

A wide variety of the software giant's consumer and business operating systems are affected by the flaws including Windows 2000, XP (SP2 only patches against one of the critical vulnerabilities) and Windows Server 2003.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." Albert Einstein (1879 - 1955)
Copper
Black Belt 5th Degree
Posts: 8640
Joined: Mon Jul 14, 2003 12:38 pm
Location: Midlands UK

Post by evasive » Thu Jan 13, 2005 2:46 pm

As of now a patch exists and is included in Windows Update
http://www.microsoft.com/technet/securi ... 5-001.mspx

another hole and patch:
http://www.microsoft.com/technet/securi ... 5-002.mspx

all good things come in threes:
http://www.microsoft.com/technet/securi ... 5-003.mspx

if they keep this rate we'll have some 250 patches by the end of this year :lol:
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Post by Copper » Thu Jan 13, 2005 3:18 pm

evasive wrote:
As of now a patch exists and is included in Windows Update
http://www.microsoft.com/technet/securi ... 5-001.mspx

another hole and patch:
http://www.microsoft.com/technet/securi ... 5-002.mspx

all good things come in threes:
http://www.microsoft.com/technet/securi ... 5-003.mspx

if they keep this rate we'll have some 250 patches by the end of this year :lol:


Was SP2 going to solve all known problems with XP? Let's face it, it turned into a 250 MB+ cock-up.

Post by evasive » Thu Jan 13, 2005 4:03 pm

SP2 has been troublesome throughout the years. For NT4 it was a disaster, for win2k it only added trouble and for XP it plugged a great deal of holes but XP is only holes to begin with or so it seems...

