Re: SP2 Security Holes


From: Miss Perspicacia Tick (misstick_at_lancre.dw)
Date: 08/23/04


Date: Tue, 24 Aug 2004 00:09:20 +0100

Tom Porterfield wrote:
> TedK wrote:
>> The following site is a write up discussing two security holes
>> found in SP2 by German research firm Heise Security:
>>
>> http://www.internetnews.com/security/article.php/3396761
>>
>> Any comments from MVPs on this?
>
> Let's look at these one at a time, as two issues are raised here. In
> the first, the steps to become at risk are to save a file from the
> internet or e-mail attachment. The risk here is that it could be any
> type of file, including an image file. Then open a command window and
> drag the file to the command window. Then hit enter. At that point
> the file would be executed. A fair amount of user interaction is
> required here for this exploit to work. There is no known automatic
> way to carry out the exploit. While there is some risk, and it
> mostly comes from the fact that the command processor (cmd.exe) will
> execute any file based on content rather than extension and ignore
> the zoneid, I don't think most users will be gullible enough to
> follow the precise sequence of events necessary to expose their
> systems.
> In the second, even the Heise site states:
>
> "Exploiting this issue requires the ability to overwrite existing
> files which have a trusted or non-existent ZoneID. Right now there is
> no known way to achieve this in an attack mounted from the Internet."
>
> They admit right there that this is only a theoretical risk as there
> is no known way to pull it off. Someone would already require control of
> your machine to pull this off and fool you into executing a file that
> you thought was safe. If they already have control of your machine
> you've already lost and there is nothing you can do to prevent worse
> activity than is described in the article.
>
> Neither one of these issues is new with SP2. I guess the point is
> that neither is "patched" by SP2 either. MS has gone a long way with
> SP2 in making Windows XP more secure. It isn't perfect, nothing is.
> People need to still be wary about any file received from the internet
> or in e-mail. Always verify the source no matter how innocent things
> may appear.

Or, to put it another way, Windows XP wasn't designed for AOHELL users...
;o) <eg>.

-- 
My great-grandfather was born and raised in Elgin - did he eventually
lose his marbles? 
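
Added example, not part of the original posts: a defender-side check for the condition the quoted reply describes, a saved file whose content is a program whatever its extension says, reported together with its ZoneId mark. Function names and sample bytes are constructed for illustration; the `[ZoneTransfer]` / `ZoneId=` text is the format of the NTFS `Zone.Identifier` stream.

```python
import configparser
import os
import struct

# Extensions the shell normally treats as programs (illustrative subset).
PROGRAM_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
INTERNET_ZONE = 3  # ZoneId written for files saved from the Internet zone

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent/malformed."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser()
    try:
        parser.read_string(stream_text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def looks_like_pe(data):
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def assess(filename, data, stream_text):
    """Return a list of findings for one saved file (hypothetical helper)."""
    findings = []
    if not looks_like_pe(data):
        return findings
    ext = os.path.splitext(filename)[1].lower()
    if ext not in PROGRAM_EXTS:
        findings.append("executable content behind non-program extension " + ext)
    zone = parse_zone_id(stream_text)
    if zone is None:
        findings.append("executable content with no ZoneId")
    elif zone >= INTERNET_ZONE:
        findings.append("executable content marked ZoneId=%d" % zone)
    return findings

# Constructed samples: a minimal MZ/PE header stub and a GIF header.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
GIF_STUB = b"GIF89a" + b"\x00" * 64
MARK = "[ZoneTransfer]\nZoneId=3\n"

if __name__ == "__main__":
    for name, blob, ads in [("photo.gif", PE_STUB, MARK), ("photo.gif", GIF_STUB, MARK), ("tool.exe", PE_STUB, None)]:
        print(name, assess(name, blob, ads))
```

On an NTFS volume the stream text can be read by opening `<path>:Zone.Identifier` as a file; here it is passed in as a string so the check runs anywhere.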

