Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Poison Applet Could Wipe Windows PCs
The Register ^ | 10 April 2003 | John Leyden

Posted on 04/15/2003 10:17:31 AM PDT by ShadowAce

A brace of Microsoft security vulns pose risks for both home users and corporates.

The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me.

Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert.

Well if that doesn't get consumers patching, what will?

The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

Java applets are disabled within the Restricted Sites Zone, which reduces the risk if you're using a hardened version of Microsoft's email clients. That still leaves other infection routes for Windows users. No surprise then that Microsoft describes the flaw as critical.

An alert on the problem, which links to patches, can be found here.


Separately, Microsoft yesterday released patches designed to fix denial of service vulnerabilities involving Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000. Both issues are covered in the same alert.

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA Server 2000 are subject to similar flaws, bot covered in the same alert. The upshot of both vulnerabilities is that internal ne'er do wells can send malformed packets that could cause servers to hang.

Patches, described by Microsoft as important, can be found be following links on the advisory here


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: computersecurity; computersecurityin; java; mdm; software; vm; windows
Navigation: use the links below to view more comments.
first previous 1-2021-4041 next last
To: ShadowAce
All this is fixed in Windows RG.
Click here for a demo.
21 posted on 04/15/2003 10:56:59 AM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

HELP! I don't understand a thing they are saying.

All I know is I have a HP with windows XP, and AOL connection.

My AOL crashes all the time. I get these pop up messages saying I am leaking :-( important info and my McAfee virus icon in the bottom right disappears and I don't know if I have Freedom firewall or not.

22 posted on 04/15/2003 11:04:45 AM PDT by Spunky
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
I use the Windows Automatic-Update feature to keep up-to-date.
23 posted on 04/15/2003 11:10:25 AM PDT by PhilipFreneau
[ Post Reply | Private Reply | To 2 | View Replies]

To: Question_Assumptions
Is this what Apple stands for?

Israel-made battery found in computer

STEPS were taken by a distributor for Apple Computers to ensure that Israeli-made parts do not enter Bahrain after an Israeli-made battery was discovered by a customer in an old Apple Computer model.

[snip]

“They have taken up the matter with Apple Middle East, which is based in Ireland and ensured us that this won’t happen again.


24 posted on 04/15/2003 11:16:04 AM PDT by weegee (NO BLOOD FOR RATINGS: CNN let human beings be tortured and killed to keep their Baghdad bureau open)
[ Post Reply | Private Reply | To 16 | View Replies]

To: *Computer Security In
http://www.freerepublic.com/perl/bump-list
25 posted on 04/15/2003 11:22:02 AM PDT by Libertarianize the GOP (Ideas have consequences)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Question_Assumptions
I'm not thrilled about Gore being on their board of directors either. However, I'm biting my tongue because I'm hoping that Al will help Apple sell computers to the government. That is one big client with very deep pockets. If Al can help to convince key bureaucrats that they should start buying Apple computers instead of Windows machines then Apple will sell a whole lot of computers.

Besides, would you rather see Al in the White House? Count your blessings.
26 posted on 04/15/2003 11:25:37 AM PDT by Billy_bob_bob ("He who will not reason is a bigot;He who cannot is a fool;He who dares not is a slave." W. Drummond)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Spunky
Check out Black Viper to fine tune Windows XP and Windows 2000. I set my system up according to his charts, and have had no problems. No leaking, either.
27 posted on 04/15/2003 11:27:13 AM PDT by TaxRelief
[ Post Reply | Private Reply | To 22 | View Replies]

To: ShadowAce
Any applet could wipe a Windows PC. That's the nature of Windows.
28 posted on 04/15/2003 11:40:53 AM PDT by HumanaeVitae (Tolerance is a necessary evil.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HumanaeVitae
"Any applet could wipe a Windows PC. That's the nature of Windows."

Not true. The security made into Java is such that unauthorized applets cannot write to the hard disk. The only way this can happen is if there is a security hole in the Virtual Machine (as in this case).
29 posted on 04/15/2003 11:56:45 AM PDT by webstersII
[ Post Reply | Private Reply | To 28 | View Replies]

To: webstersII
Blue screen of death joke from a Mac enthusiast. ;-)
30 posted on 04/15/2003 12:08:11 PM PDT by HumanaeVitae (Tolerance is a necessary evil.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: HumanaeVitae
Hey, there's enough other things to make fun of PCs for, let's not start making stuff up.

No, I'm not a Mac user, I use Windows and complain about it quite regularly. As they say, when in Rome . . . .
31 posted on 04/15/2003 12:35:53 PM PDT by webstersII
[ Post Reply | Private Reply | To 30 | View Replies]

To: ShadowAce
Yup, I thought I'd seen this story before.
32 posted on 04/15/2003 1:11:11 PM PDT by TechJunkYard (via Nancy)
[ Post Reply | Private Reply | To 1 | View Replies]

To: weegee
This is gonna be hard on the middle east. I think the new Intel chip for laptops is made in Israel. Probably explodes by remote control.
33 posted on 04/15/2003 1:26:06 PM PDT by js1138
[ Post Reply | Private Reply | To 24 | View Replies]

To: TaxRelief
Check out Black Viper to fine tune Windows XP and Windows 2000.

Thanks! I will.

34 posted on 04/15/2003 1:32:01 PM PDT by Spunky
[ Post Reply | Private Reply | To 27 | View Replies]

To: TechJunkYard
Oops. Sorry. The title didn't matach up in the search.
35 posted on 04/15/2003 2:01:38 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Question_Assumptions
I'm not happy with Al Gore being on Apple's board of directors.

He is not on yet,(He will be) as a stockholder I just got to vote against him....AGAIN!!!!!!!!!! It felt great.
36 posted on 04/15/2003 2:04:59 PM PDT by cmsgop ( Arby's says no more Horsey Sauce for Scott Ritter !!!!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: ShadowAce
No biggie. I do have a winblows box in the house now, so I'm trying to keep up with these things.
37 posted on 04/15/2003 4:04:21 PM PDT by TechJunkYard (via Nancy)
[ Post Reply | Private Reply | To 35 | View Replies]

To: ShadowAce
Thanx, but I don't need 'em. ;-)
38 posted on 04/15/2003 8:13:26 PM PDT by rdb3 (It ain't nuthin' to a ballah, baby...)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Izzy Dunne
I love that website -- thank you! It reminds me of the computer I had at my old job.
39 posted on 04/15/2003 8:59:56 PM PDT by scott7278 (Four more years! Four more years!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Izzy Dunne
XP = xtra problems
40 posted on 04/15/2003 9:12:46 PM PDT by stainlessbanner
[ Post Reply | Private Reply | To 21 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson