TG00Premium
join:2001-09-22
Long Island | Microsoft announces Security Flaws in XP I just saw this at AOL's Breaking Hourly News...I also posted it in the MS forum..
Windows Vulnerable to Hack Attacks
By TED BRIDIS
.c The Associated Press
WASHINGTON (AP) - Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The company released a free fix Thursday.
A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately.
The flaws, discovered five weeks ago by independent security researchers, threatened to undermine widespread adoption of Microsoft's latest Windows software, which many hope will be an economic catalyst for the sagging technology industry.
The company sold more than 7 million copies of Windows XP in the two weeks after it hit stores Oct. 25.
The vulnerabilities were discovered by three young security researchers with eEye Digital Security Inc. of Aliso Viejo, Calif., led by Marc Maiffret, a 21-year-old former hacker. In recent months, Maiffret, who calls himself the firm's ``chief hacking officer,'' has advised the FBI and the White House on Internet security questions and testified before Congress.
The Windows XP problems affect a little-used feature that eventually will allow consumers to control high-tech household appliances using their computers. Called ``universal plug and play,'' the feature is activated by design in every copy of Windows XP and can be added manually to Microsoft's earlier Windows ME software, also used by millions of consumers worldwide.
``This is the first network-based, remote compromise that I'm aware of for Windows desktop systems,'' said Scott Culp, manager of Microsoft's security response center. ``Every Windows XP user needs to immediately take action.'' He called it a ``very serious vulnerability.''
Microsoft said a new feature of Windows XP, known as ``drizzle,'' can automatically download the free fix, which takes several minutes to download, and prompt consumers to install it. Microsoft also is working with other software companies, such as leading antivirus and firewall vendors, to build protection into their products.
Maiffret and his researchers demonstrated the flaws for The Associated Press by hacking into a reporter's laptop running Windows XP from 2,300 miles away and successfully instructing the computer to connect automatically several times to the Web site for the National Security Agency, the government's super-secret spy agency.
Microsoft and Maiffret said there was no suggestion that anyone has used these flaws to break into any computers; Maiffret predicted that many hackers will be able to duplicate his firm's research - and begin breaking into unprotected computers - ``a couple months from now.''
Microsoft feared that hackers could exploit the flaws more quickly if eEye discloses too many details about its findings. Leading up to the public announcement, Culp said, those researchers behaved ``exactly right'' by quietly notifying Microsoft.
Riley Hassell, eEye's self-described ``network penetration specialist,'' discovered methods for hackers to either disrupt a victim's Windows XP computer, order it to attack other Internet users or instruct it to run commands - such as to delete or steal files or install rogue software.
``This is very serious,'' said Maiffret. Hackers using these methods ``could reformat your hard-drive, record your keystrokes,'' he added.
Hackers could attack individual computers directly, though the flaws also allow hackers to transmit an attack to a single Internet address and strike all the nearby Windows XP computers within a corporation or neighborhood. Microsoft said companies and Internet providers can reduce the threat by properly configuring their Internet traffic-directing devices, called routers.
The flaws are particularly embarrassing to Microsoft because their discovery falls so close to Christmas and because of the company's commercial emphasis on improved security in Windows XP. The company boasts as one of 10 reasons for technology experts to buy Windows XP the promise of a ``safe, secure and private computing experience.''
``This is the most secure version of Windows we have ever released,'' said Culp, adding that complex software ``will always fall short of perfection.''
One of the problems disclosed Thursday belongs to a category of software flaws known as ``buffer overflows,'' which can trick software into accepting dangerous commands. Another is the result of broader design problems with universal plug and play technology.
Just last week, Microsoft's corporate security officer, Howard Schmidt, expressed frustration about continuing threats from overflows. ``I'm still amazed that we allow these things to occur,'' he said at a conference of technology executives. Schmidt is expected soon to resign from Microsoft to work for President Bush's top computer security adviser.
AP-NY-12-20-01 1333EST |
|
| »Microsoft Security Bulletin MS01-059 |
|
|
|
TG00Premium
join:2001-09-22
Long Island | Yea, that wasn't posted when I posted but I see it was right after I did...Glad to see others are also aware of it.. |
|
| reply to TG00
Mitigating Factors:
====================
General:
- Standard firewalling practices (specifically, blocking ports
1900 and 5000) could be used to protect corporate networks
from Internet-based attacks.
Windows 98 and 98SE:
- There is no native UPnP support for these systems. Windows 98
and 98SE systems would only be affected if the Internet Connection
Sharing Client from Windows XP had been installed on the system.
- Windows 98 and 98SE machines that have installed the Internet
Connection Sharing client from a Windows XP system that has
already applied this patch are not vulnerable.
Windows ME:
- Windows ME provides native UPnP support, but it is neither
installed nor running by default. (However, some OEMs do
configure pre-built systems with the service installed and
running).
Windows XP:
- Internet Connection Firewall, which runs by default, would make it
significantly more difficult for an attacker to determine the IP
address of an affected machine. This could impede an attacker's
ability to attack a machine via unicast messages. However, attacks
via multicast or broadcast would still be possible.
Risk Rating:
============
Buffer Overrun:
- Internet servers: None
- Intranet servers: None
- Client systems: Critical for Windows XP, moderate for Windows 98,
Windows 98SE and Windows ME
Denial of service:
- Internet servers: None
- Intranet servers: None
- Client systems: Moderate
Aggregate risk:
- Internet servers: None
- Intranet servers: None
- Client systems: Critical for Windows XP, moderate for Windows 98,
Windows 98SE and Windows ME
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
»www.microsoft.com/technet/securi···-059.asp
for information on obtaining this patch.
Happy Holidays |
|
 bjf123We Want... A ShrubberyPremium
join:2000-02-11
Hamilton, OH | said by roberteyewhy:
Windows ME:
- Windows ME provides native UPnP support, but it is neither installed nor running by default. (However, some OEMs do configure pre-built systems with the service installed and running).
How can I tell if it's been activated on my system?
--
Golf is a relatively simple game, played by reasonably intelligent people, stupidly. |
|
 VampirefoPremium,MVM
join:2000-12-11
Huntington, WV
kudos:1
| Is port 5000 listening? if so it's activated.
[text was edited by author 2001-12-20 15:47:09] |
|
bjf123We Want... A ShrubberyPremium
join:2000-02-11
Hamilton, OH | I did a netstat -an, and sure enough, there's port 5000 listening, along with ports 1026, 515, 1311, 135, 1459, 1460, and 1275. Looks like I'll be downloading the patch. Thanks.
--
Golf is a relatively simple game, played by reasonably intelligent people, stupidly. |
|
| said by bjf123:
I did a netstat -an, and sure enough, there's port 5000 listening, along with ports 1026, 515, 1311, 135, 1459, 1460, and 1275. Looks like I'll be downloading the patch. Thanks.
I think Port 1900 should be listening in addition to Port 5000.
Either way, I would recommend patching ME even if UPnP is currently disabled. (You never know if you'll ever want to enable it).
I think UPnP can be enabled/disabled, via a Control Panel Applet (not 100% sure on that - as I don't use ME). |
|
 Doctor FourMy other vehicle is a TARDISPremium
join:2000-09-05
Dallas, TX | reply to TG00
This latest security flaw is significant enough that
it was mentioned at the top of the hour CBS radio news
update, and has caused Microsoft's stock to drop today.
Although the problem that Steve Gibson described as a
security flaw in XP (raw socket capability) is unrelated,
I have to wonder if he's saying "see, I told you so."
--
"The trouble with computers, of course, is that they're
very sophisticated idiots." -
Doctor Who
|
|
| reply to TG00
M$ stinks... Yet an other reason to move to Linux... 
OK folks, how many vulnerabilities there has been in DEFAULT configuration of Windows/Internet Explorer/Outlook Express in this year that would allow someone to gain access to persons computer or execute malicuos programs via internet?
Too many. Too damm many I say.
And am I a bit paranoid to say some of them where placed there on purpose? Dont think so.
--
My privacy related homepage & PGP keys:»www.markusjansson.net |
|
| reply to bjf123
Re: Microsoft announces Security Flaws in XP said by bjf123:
How can I tell if it's been activated on my system?
You can uncheck it in add/remove, Windows setup under communications. |
|
 guyver01In Brightest Day
join:2001-01-04
Littleton, CO
| Under WinXP Pro it's
Add/Remove Programs -->
Add/Remove Windows Components -->
Networking Services ---> Details -->
That Gives You Universal Plug & Play
--
One only appreciates the beauty of the mountain top when one has experienced the agony of the climb 
Said by DSLR member HAZE in the RoadRunner forum.
[text was edited by author 2001-12-20 17:19:51] |
|
jbibePremium,MVM
join:2001-02-22
| In WinXP Home, removing the Universal Plug and Play check mark in Communications will not close ports 1900 and 5000 in most cases. Based on my experience, you must also disable the SSDP Discovery service and the Universal Plug and Play service.
[text was edited by author 2001-12-20 17:43:56] |
|
 jw55505Fish HeadPremium
join:2001-11-28
Mechanicsville, VA
| reply to TG00
Here's the NTBugTraq article on this.
Multiple Remote Windows XP/ME/98 Vulnerabilities
[text was edited by author 2001-12-20 17:34:10] |
|
| reply to TG00
Re: 7MM DDoS zombies now on-line Here's the first SSDP probe I've seen:
»www.mynetwatchman.com/mynetwatch···ID=65134
Note that the source IP is a private IP...this is possible since this a UDP-based vulnerability...thus exploitable from a spoofed source IPs.
This is going to get ugly, real fast.
We now have 7MM DDoS zombies on the net.
--
Lawrence Baldwin
»www.myNetWatchman.com
Automatic Port Scan Reporting |
|
 bleys4uPremium
join:2000-11-08
Philadelphia, PA | reply to TG00
Re: Microsoft announces Security Flaws in XP did anyone not expect xp to be vulnerable lol..after all its windoz
--
just another jon..working for a cure »teamhelix.tripod.com/ |
|
| reply to TG00
OK... am I missing something?
I downloaded and installed the MS update.
But when I run netstat I still show port 5000 open at 0.0.0.0 and port 1900 at a UDP address.
Win ME.
What's the deal?
--
"Am I a dog? That you should come to me with sticks?" --Said to David, by a certain Philistine, named Goliath-- |
|
| said by head_spaz:
OK... am I missing something?
I downloaded and installed the MS update.
But when I run netstat I still show port 5000 open at 0.0.0.0 and port 1900 at a UDP address.
Win ME.
What's the deal?
The patch doesn't disable UPnP. It simply handles the vulnerability, in the event that you do run UPnP.
Patched or unpatched... if you have UPnP running, then 1900 and 5000 will be listening. With it patched, it just means the vulnerability no longer exists on your PC.
|
|
 bodopPremium
join:2001-04-25
Aylmer, QC | reply to TG00
Another M$ mess.
Here is the patch from MS.
»www.microsoft.com/technet/treevi···-059.asp |
|
| reply to Murray3
Oh... ok.
Thanks.
Is there a more definitive test then?
Running the patch is fine... but how to test to see if it's actually working?
--
"Am I a dog? That you should come to me with sticks?" --Said to David, by a certain Philistine, named Goliath-- |
|
