Poison Applet Could Wipe Windows PCs

The Register ^ | 10 April 2003 | John Leyden

[ShadowAce]

A brace of Microsoft security vulns pose risks for both home users and corporates.

The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me.

Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert.

Well if that doesn't get consumers patching, what will?

The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

Java applets are disabled within the Restricted Sites Zone, which reduces the risk if you're using a hardened version of Microsoft's email clients. That still leaves other infection routes for Windows users. No surprise then that Microsoft describes the flaw as critical.

An alert on the problem, which links to patches, can be found here.

Separately, Microsoft yesterday released patches designed to fix denial of service vulnerabilities involving Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000. Both issues are covered in the same alert.

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA Server 2000 are subject to similar flaws, bot covered in the same alert. The upshot of both vulnerabilities is that internal ne'er do wells can send malformed packets that could cause servers to hang.

Patches, described by Microsoft as important, can be found be following links on the advisory here

[Izzy Dunne]

All this is fixed in Windows RG.
Click here for a demo.

[Spunky]

The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

HELP! I don't understand a thing they are saying.

All I know is I have a HP with windows XP, and AOL connection.

My AOL crashes all the time. I get these pop up messages saying I am leaking :-( important info and my McAfee virus icon in the bottom right disappears and I don't know if I have Freedom firewall or not.

[PhilipFreneau]

I use the Windows Automatic-Update feature to keep up-to-date.

[weegee]

Is this what Apple stands for?

Israel-made battery found in computer

STEPS were taken by a distributor for Apple Computers to ensure that Israeli-made parts do not enter Bahrain after an Israeli-made battery was discovered by a customer in an old Apple Computer model.

[snip]

“They have taken up the matter with Apple Middle East, which is based in Ireland and ensured us that this won’t happen again.

[Libertarianize the GOP]

http://www.freerepublic.com/perl/bump-list

[Billy_bob_bob]

I'm not thrilled about Gore being on their board of directors either. However, I'm biting my tongue because I'm hoping that Al will help Apple sell computers to the government. That is one big client with very deep pockets. If Al can help to convince key bureaucrats that they should start buying Apple computers instead of Windows machines then Apple will sell a whole lot of computers.

Besides, would you rather see Al in the White House? Count your blessings.

[TaxRelief]

Check out Black Viper to fine tune Windows XP and Windows 2000. I set my system up according to his charts, and have had no problems. No leaking, either.

[HumanaeVitae]

Any applet could wipe a Windows PC. That's the nature of Windows.

[webstersII]

"Any applet could wipe a Windows PC. That's the nature of Windows."

Not true. The security made into Java is such that unauthorized applets cannot write to the hard disk. The only way this can happen is if there is a security hole in the Virtual Machine (as in this case).

[HumanaeVitae]

Blue screen of death joke from a Mac enthusiast. ;-)

[webstersII]

Hey, there's enough other things to make fun of PCs for, let's not start making stuff up.

No, I'm not a Mac user, I use Windows and complain about it quite regularly. As they say, when in Rome . . . .

[TechJunkYard]

Yup, I thought I'd seen this story before.

[js1138]

This is gonna be hard on the middle east. I think the new Intel chip for laptops is made in Israel. Probably explodes by remote control.

[Spunky]

Check out Black Viper to fine tune Windows XP and Windows 2000.

Thanks! I will.

[ShadowAce]

Oops. Sorry. The title didn't matach up in the search.

[cmsgop]

I'm not happy with Al Gore being on Apple's board of directors.

He is not on yet,(He will be) as a stockholder I just got to vote against him....AGAIN!!!!!!!!!! It felt great.

[TechJunkYard]

No biggie. I do have a winblows box in the house now, so I'm trying to keep up with these things.

[rdb3]

Thanx, but I don't need 'em. ;-)

[scott7278]

I love that website -- thank you! It reminds me of the computer I had at my old job.

[stainlessbanner]

XP = xtra problems