Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Three Serious Windows Vulnerabilities Surface
Ziff Davis Media, via Yahoo ^ | 12.24.2004 | David Morgenstern - eWEEK

Posted on 12/24/2004 5:33:21 PM PST by NYC GOP Chick

Symantec Corp.'s Security Response service on Friday confirmed that unpatched Windows vulnerabilities could pose a serious risk for exploits via malicious Web pages and e-mail messages.

One of the three security vulnerabilities involves image handling—a source of recent exploits on Windows and Unix (news - web sites) operating systems. The other two risks are found in the Help system and in Window's ANI (Automatic Number Identification) authentication.

Symantec said the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability could be exploited via browsers or e-mail client software. Users who open an HTML message or Web page bearing the image could face security risks.

Another vulnerability that could only require users to click on a site or message is called the Windows Kernel ANI File Parsing Crash and DoS Vulnerability. Its vector, a malicious ANI file, could invoke a DoS (denial of service) attack that could bring down unprotected systems.

These two issues potentially affect a wide range of Windows versions, including Windows NT, Windows 2000 (news - web sites) and Windows XP (news - web sites) with SP (Service Pack) 1, the report advised. Windows XP SP2 machines are not vulnerable.

Another "high-risk" issue concerns the interpretation of Windows Help files (.hlp), Symantec said. Some decoding errors during processing could cause a heap buffer overflow that could then be exploited. This vulnerability affects Windows XP SP2 systems as well as earlier versions.

Symantec said the three vulnerabilities were first reported by a Chinese community group called Xfocus Team. Microsoft has yet to confirm the vulnerabilities and was unavailable for comment.

Symantec suggested that users make sure their virus definitions include the Bloodhound.Exploit.19 signature, which should prevent the LoadImage API Function Integer Overflow.

To ward off the other problems, Symantec said, Windows users should block e-mail attachments with an .hlp extension, avoid untrusted sites or e-mail messages from unknown sources, and read messages in plain-text format.

Exploits of graphics libraries and APIs on Windows and other operating systems have been a common occurrence throughout 2004. Earlier this week, a number of Linux (news - web sites) distributions offered patches for image-handling and PDF (Portable Document Format) libraries.

The problem also plagues developers of Web browsers. Earlier this month, America Online Inc. discovered its newly refreshed Netscape browser was open to an image-based attack when handling files in the PNG format. This vulnerability had already been fixed in earlier versions and on other platforms.

To read more about Windows graphics flaws, click here.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.


TOPICS: Business/Economy; Culture/Society; News/Current Events; Technical
KEYWORDS: computersecurity; exploit; getamac; internetexploiter; lowqualitycrap; microsoft; patch; securityflaw; trojan; virus; windows; worm
Navigation: use the links below to view more comments.
first 1-2021-4041-58 next last

1 posted on 12/24/2004 5:33:21 PM PST by NYC GOP Chick
[ Post Reply | Private Reply | View Replies]

To: NYC GOP Chick

This should give everyone a merry Christmas.


2 posted on 12/24/2004 5:35:47 PM PST by Uncle Hal
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

ping


3 posted on 12/24/2004 5:37:13 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 1 | View Replies]

To: backhoe

bump


4 posted on 12/24/2004 5:38:27 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 1 | View Replies]

To: NYC GOP Chick


5 posted on 12/24/2004 5:42:17 PM PST by KoRn
[ Post Reply | Private Reply | To 1 | View Replies]

To: NYC GOP Chick

I think they began with the security holes and just built an operating system around them.


6 posted on 12/24/2004 5:55:15 PM PST by John Jorsett
[ Post Reply | Private Reply | To 1 | View Replies]

To: NYC GOP Chick

Gives me more incentive to try out Linspire.


7 posted on 12/24/2004 6:28:20 PM PST by pctech
[ Post Reply | Private Reply | To 1 | View Replies]

To: NYC GOP Chick

These exploits have been known for a while. If you keep your machines patched and up to date, you won't have any problems. Exploits like these are in EVERY OS and application. Most are not widely exploited until well after the flaws are published, once the script kiddies get their hands on the right code. It's the ones that aren't widely known and published that you have to worry about.


8 posted on 12/24/2004 6:42:36 PM PST by rightwingextremist1776
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
You might want to check out Knoppix as well. You don't have to actually commit to anything until you can decide for yourself.
9 posted on 12/24/2004 6:44:17 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 7 | View Replies]

To: rightwingextremist1776
These exploits have been known for a while. If you keep your machines patched and up to date, you won't have any problems.

Kindly provide links showing:

1) That these exploits were known in the community before Tuesday
and, if you would:
2) That available Microsoft patches will protect against them.

10 posted on 12/24/2004 6:51:10 PM PST by steve86
[ Post Reply | Private Reply | To 8 | View Replies]

To: ShadowAce
Knoppix is also good for trouble shooting for hardware compatability for Linux.

Continuing with an issue I have with one of my boxes, Knoppix has done allot to narrow things down.

MERRY CRISTMAS!!!

11 posted on 12/24/2004 6:51:15 PM PST by KoRn
[ Post Reply | Private Reply | To 9 | View Replies]

To: Uncle Hal
This should give everyone a merry Christmas.

I bought an iMac G5 last month so I no longer have to worry about this sort of crap, except that I'm spending this week updating the Dells that my family has brought to me. Ugh. Why can't everyone just get a Mac so we can stop worry about these things.

12 posted on 12/24/2004 6:55:45 PM PST by 1LongTimeLurker
[ Post Reply | Private Reply | To 2 | View Replies]

To: KoRn

I'm trying Firefox right now. Seems faster, on a dial up, than IE.


13 posted on 12/24/2004 6:58:15 PM PST by sonofagun
[ Post Reply | Private Reply | To 5 | View Replies]

To: NYC GOP Chick

Have had a headache over this issue during the week on a website.


14 posted on 12/24/2004 6:59:43 PM PST by armymarinemom (but should never follow the words 'I support the troops")
[ Post Reply | Private Reply | To 1 | View Replies]

To: BearWash
2) That available Microsoft patches will protect against them.

I guess, in a way, XP SP2 is a "patch" that makes XP invulnerable, but that was probably by chance, and doesn't help 2k users.

15 posted on 12/24/2004 7:00:51 PM PST by steve86
[ Post Reply | Private Reply | To 10 | View Replies]

To: sonofagun
I'm trying Firefox right now. Seems faster, on a dial up, than IE."

Being on dialup, any little bit helps. I used to be on dial up I know lol.

16 posted on 12/24/2004 7:02:33 PM PST by KoRn (P>)
[ Post Reply | Private Reply | To 13 | View Replies]

To: BearWash
Sure Bearwash, I know not everyone is up to speed on IT security issues, as well as know where to go to get the info so here ya go....

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Please note the initial date of this patch is sept 14,2004

http://www.microsoft.com/technet/security/bulletin/ms04-031.mspx

Please note the initial date of this patch is Oct 12, 2004

http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx

Please note the initial date of this patch is Oct 12, 2004

I know some people don't know too much about computer security so take it from one who deals with it on a daily basis...The patches are out there long before the exploits are "in the wild". Apperently it was a slow news day for Ziff Davis and Yahoo.

17 posted on 12/24/2004 7:35:09 PM PST by rightwingextremist1776
[ Post Reply | Private Reply | To 10 | View Replies]

To: BearWash

PS...Try windows update (tools/windowsupdate in IE). It works well for people that aren't "in the know".


18 posted on 12/24/2004 7:40:48 PM PST by rightwingextremist1776
[ Post Reply | Private Reply | To 10 | View Replies]

To: rightwingextremist1776
Chuckle, chuckle.

It's true, I have been retired from the senior I.T. security position in a major corporation for 5 years.

But I still know enough to tell when someone is trying to pull a fast one.

Those are different vulnerabilities, son.

19 posted on 12/24/2004 7:41:19 PM PST by steve86
[ Post Reply | Private Reply | To 17 | View Replies]

To: rightwingextremist1776

People "in the know" don't use IE in the first place, son.


20 posted on 12/24/2004 7:42:24 PM PST by steve86
[ Post Reply | Private Reply | To 18 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-58 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson