Windows has a 17 year old un-patched vulnerability

[*LTD*]

http://www.neowin.net/news/windows-has-a-17-year-old-un-patched-vulnerability

http://www.h-online.com/security/news/item/Windows-hole-discovered-after-17-years-908917.html

Windows has a 17 year old un-patched vulnerability
By Benjamin Rubenstein

When it comes to updating security threats and bugs in their operating systems, Microsoft is, for the most part, pretty good about it. True, there are threats here and there that get overlooked, but eventually, Redmond takes care of them... except in this case.

The H Security points out that Microsoft has ignored a security hole in Windows since the release of Windows NT 3.1 in 1993. This vulnerability is present in all 32-bit Windows operating systems since then. The problem exists due to a flaw in the Virtual DOS Machine (or VDM), which was used to support 16-bit applications. The flaw allows for a 16-bit program to manipulate the kernel stack of processes. The site notes that "this potentially enables attackers to execute code at system privilege level," making this a real threat to system security.

The vulnerability was discovered by a member of the Google security team, named Tavis Ormandy. The hole was tested and found to still be present in Windows XP, Server 2003, 2008, Vista, and 7, and can be used to open a command prompt "in the system context, which has the highest privilege level." Ormandy says that he informed Microsoft of this hole back in 2009, but they have yet to fix it. The work around for it happens to be pretty simple; all you have to do is disable the MS-DOS subsystem. It's advised that all companies patch the hole, especially now that the vulnerability is public knowledge. Turning this off should not affect any compatibility issues, unless, for some strange reason, you're still using 16-bit applications.

Here's how to disable it:

"The workaround requires users to start the group policy editor and enable the "Prevent access to 16-bit applications" option in the Computer Configuration\Administrative Templates\Windows Components\Application Compatibility section."

 

[*LTD*]

New un-patched IE flaw found a day after latest hotfix

http://www.neowin.net/news/new-un-patched-ie-flaw-found-a-day-after-latest-hotfix#comments

New un-patched IE flaw found a day after latest hotfix
By Andrew Lyle

Only a day after the recent out-of-band Internet Explorer vulnerability patch, a new un-patched Internet Explorer flaw could leave thousands of users at risk.

The new attack uses smaller un-patched vulnerabilities in Internet Explorer, small enough they couldn’t compromise a system, but together they can overwhelm Internet Explorer and give access to a users machine if the individual clicks on a malicious link. Jorge Luis Alvarez Medina said to Reuters, "There are three or four ways to conduct this type of attack." Alvarez Medina is a security consultant with Boston-based Core who have been researching Internet Explorer weaknesses.

The smaller exploits triggers four or five minor exploits at the same time, by three or four different methods to trigger the attack.

Alvarez Medina said that the attack uses a string of four or five minor exploits in Internet Explorer. The vulnerability will be demonstrated at the yearly Black Hat Security conference, which will take place on February 2, 2010.

 

[elppa]

Developer fixes 33-year-old Unix bug. Error from 1975 corrected at last?

Software bugs happen.

 

[*LTD*]

Developer fixes 33-year-old Unix bug. Error from 1975 corrected at last?

Software bugs happen.

That's not exactly a horrible browser flaw. On IE. Again.

 

[belvdr]

That's not exactly a horrible browser flaw. On IE. Again.

So what? All software has bugs, and Apple patches their systems too.

 

[miles01110]

So what? All software has bugs, and Apple patches their systems too.

Isn't it clear that to LTD Apple patches are just another example of how great a company Apple is, while Microsoft patches are just another example of their incompetence?

 

[*LTD*]

Whatever dissuades people from using IE, all the better.

 

[rdowns]

Get a blog already.

 

[Queso]

LTD this constant Microsoft bashing is getting a little dull now. This isn't MacDailyNews. MR is where the grown ups play.

 

[MacDawg]

Whatever dissuades people from using IE, all the better.

Why do you even care what other people are using?

I don't care if people use Windows, IE, MS Office or whatever else they want to use
Neither do I care if people on the Mac use Firefox over Safari

Or if they order a Nexus One instead of an iPhone

Why should I care?

Woof, Woof - Dawg

 

[Consultant]

Developer fixes 33-year-old Unix bug. Error from 1975 corrected at last?

Software bugs happen.

Security vulnerability =/= bug

You can take control of a windows machine using the security vulnerability. You can't do it with the unix bug, not even close.

 

[Rodimus Prime]

Why do you even care what other people are using?

I don't care if people use Windows, IE, MS Office or whatever else they want to use
Neither do I care if people on the Mac use Firefox over Safari

Or if they order a Nexus One instead of an iPhone

Why should I care?

Woof, Woof - Dawg

For the most part I do not care what other people use. The only selfish reason I like to see people use a browser other than IE is that it force web sites to consider the fact that they can not code for just one browser.

I hate IE only site.

 

[miles01110]

Why do you even care what other people are using?

I don't care if people use Windows, IE, MS Office or whatever else they want to use

Sadly I must agree with LTD on this one. You should care that IE* is still in use because of the public and private infrastructure is based off it. Exploitation of a browser *can* affect you, or at least your personal information.

 

[roadbloc]

Blah blah blah. Software has bugs. Yes, even Apple's software. Who could care less.

 

[Eidorian]

LTD this constant Microsoft bashing is getting a little dull now. This isn't MacDailyNews. MR is where the grown ups play.

I've noticed a lot of users expect to get patted on the back when they bash Microsoft. If you don't join in with the bashing suddenly you're some paid Microsoft shill that's astroturfing on MacRumors. Wait I own a Mac, how did it go from that to baseless accusations.

I still need to make a flowchart.

Get a blog already.

Thankfully this sub-board is dead enough as it is.

 

[Peace]

[rainbows and unicorns]

ALL operating systems are bug free aren't they?. I mean why release an OS with a bug. Can't the coders do stuff right?.

[/rainbows and unicorns]

 

[Queso]

I still need to make a flowchart.

Just don't use Visio to do it . It'll only set them off

 

[skunk]

I still need to make a flowchart.

I'm still collating.

 

[miles01110]

I still need to make a flowchart.

It goes something like this.

 

[OllyW]

It goes something like this.

Brilliant!

Saved for future use.

 

[maflynn]

LTD,

Start a anti-google anti-microsoft blog.

Seriously, bugs happen. I'm sure apple has fixed bugs that were in the OS since day one.

We get that you don't like either company but you don't need to continually re-post every anti-google anti-microsoft article here.

 

[chown33]

It goes something like this.

Can I get that on Hollerith cards?

 

[mac2x]

Security vulnerability =/= bug

You can take control of a windows machine using the security vulnerability. You can't do it with the unix bug, not even close.

Most useful post in this thread, right here.

 

[localoid]

Most useful post in this thread, right here.

Or, maybe not.

April 20, 2007: Macaulay, a software engineer, was able to hack into a MacBook through a zero-day security hole in Apple's Safari browser. The computer was one of two offered as a prize in the "PWN to Own" hack-a-Mac contest at the CanSecWest conference here.

And again in 2008.

April 21, 2008: Miller won $10,000 and a new Macbook Air last month after hacking into the laptop in a matter of minutes. The PWN2OWN contest invited hackers to try to install unauthorized software on fully patched Mac OS X, Windows and Linux computers using previously undisclosed "zero-day" flaws.

And again, in 2009.

Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

 

[*LTD*]

Or, maybe not.

April 20, 2007: Macaulay, a software engineer, was able to hack into a MacBook through a zero-day security hole in Apple's Safari browser. The computer was one of two offered as a prize in the "PWN to Own" hack-a-Mac contest at the CanSecWest conference here.

And again in 2008.

April 21, 2008: Miller won $10,000 and a new Macbook Air last month after hacking into the laptop in a matter of minutes. The PWN2OWN contest invited hackers to try to install unauthorized software on fully patched Mac OS X, Windows and Linux computers using previously undisclosed "zero-day" flaws.

And again, in 2009.

Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment.

The first day was to hack the Mac remotely. Not one person could do it. Nobody. No remote access, no viruses, nothing. Nobody can hack Macs remotely. To win the hacker needed local access to the machine. For his hack to work, it required somebody manually navigating to a site with malicious content.

For this hack to work in the real world, you would need to physically click a link to the malicious site somehow (in an email maybe, or a link via IM or whatever). Social Engineering. It relies on the ignorance of the computer user to do the hacker's job for him, because he can't do it himself.

Can your Mac get hacked remotely? No.

Will the hacker drive to your house and personally point your web browser to his site to infect your Mac? Not likely.

Make of that what you will.

Physical contact with the machine doesn't count. Now if this Windows bug required that, then at most, we can slag on MS for living up to their lousy reputation, but it's no cause to call the bug dangerous.

If you want to bring that Snow Leopard bug into the mix - which got a ton of attention precisely because it was so uncharacteristic of Apple (and which was patched in due course) - that's an entirely different situation. To ever fall prey to that required the user to execute a specific set of actions, and even then the probability of data deletion was incredibly low. Even if you tried to deliberately activate the bug, chances are your data would still be there. The bug existed, but whether it deleted your data on your main account or simply broke your direct access to it was unclear. Nor did the bug affect everyone who had a Guest account in 10.5. Most were not able to in any way, shape or form reproduce the bug.

Anyway, when a serious Apple bug surfaces it's a strange anomaly. The stars have to be aligned a certain way. When a serious Windows bug surfaces, it's business as usual.

Reputation is everything.