Windows XP
>
>> Is not that a simple design decision? (truly brain-dead, but a
>> conscious decision).
>
> David, it's very bad design decision. As for Microsoft (if we will be
> claiming that it's hole in Windows XP), as for Acer (because they use
> their own program for first OS initialization process, so it's
> definitely vulnerability in Acer).
>
> And also for Asus - recently I wrote to bugtraq about similar
> vulnerability in Asus notebook.
> Is not that a simple design decision? (truly brain-dead, but a conscious
> decision).
David, it's very bad design decision. As for Microsoft (if we will be
claiming that it's hole in Windows XP), as for Acer (because they use their
own program for first OS initialization process, so it's definitely
vulnerability in Acer).
And also for Asus - recently I wrote to bugtraq about similar vulnerability
in Asus notebook.
Microsoft Security Bulletin MS09-048 - Critical: Vulnerabilities in
Windows TCP/IP Could Allow Remote Code Execution (967723):
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
If Windows XP is listed as an affected product, why is Microsoft
not issuing an update for it?
By default, Windows XP Service Pack
2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition
Service Pack 2 do not have a listening service configured in the client
firewall and are therefore not affected by this vulnerability. Windows
XP Service Pack 2 and later operating systems include a stateful host
MustLive wrote:
> Hello Susan!
>
> If Microsoft did it, then it's good. But better for my opinion to do
> such as
> in Windows XP Professional - not to disable admin account by default,
> but to
> make password of default admin account similar to password of first admin
> (during installation process). Because if default admin account will be
> enabled later (with empty password) and will forget to set new password,
> then it'll be much worse.
Hello Susan!
If Microsoft did it, then it's good. But better for my opinion to do such as
in Windows XP Professional - not to disable admin account by default, but to
make password of default admin account similar to password of first admin
(during installation process). Because if default admin account will be
enabled later (with empty password) and will forget to set new password,
then it'll be much worse.
I'm not using Vista, so I can't check this issue on any of my computers. And
> ----------------------------------------------------------------------------
>
> Help and Support Centre is the default application provided to access online
> documentation for Microsoft Windows. Microsoft supports accessing help documents
> directly via URLs by installing a protocol handler for the scheme "hcp",
> a typical example is provided in the Windows XP Command Line Reference,
> available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
>
> Using hcp:// URLs is intended to be safe, as when invoked via the registered
> protocol handler the command line parameter /fromhcp is passed to the help
> centre application. This flag switches the help centre into a restricted mode,
----------------------------------------------------------------------------
Help and Support Centre is the default application provided to access online
documentation for Microsoft Windows. Microsoft supports accessing help documents
directly via URLs by installing a protocol handler for the scheme "hcp",
a typical example is provided in the Windows XP Command Line Reference,
available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Using hcp:// URLs is intended to be safe, as when invoked via the registered
protocol handler the command line parameter /fromhcp is passed to the help
centre application. This flag switches the help centre into a restricted mode,
>
> Testing was successfully performed using Java(TM)
> SE Runtime Environment (build 1.6.0_21-b07) and the
> following browsers:
>
> - Mozilla Firefox 3.5.8 (Windows XP)
> - Opera 10.60 (Windows XP)
> - Internet Explorer 6.0.2900.5512 (Windows XP)
> - Google Chrome 5.0.375.9 (Windows XP)
> - Internet Explorer 8.0.6001.18702 (Windows XP)
> - Safari 5.0 (7533.16) (Windows XP)
Testing was successfully performed using Java(TM)
SE Runtime Environment (build 1.6.0_21-b07) and the
following browsers:
- Mozilla Firefox 3.5.8 (Windows XP)
- Opera 10.60 (Windows XP)
- Internet Explorer 6.0.2900.5512 (Windows XP)
- Google Chrome 5.0.375.9 (Windows XP)
- Internet Explorer 8.0.6001.18702 (Windows XP)
- Safari 5.0 (7533.16) (Windows XP)
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
-> HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50, v7.51 running XPL earlier than 03.10.040 on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux
BACKGROUND
For a PGP signed version of this security bulletin please write to: security-alert@hp.com
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
Affected Products:
Product: RSA Authentication Agent for Microsoft Windows version 7.1
Platforms: Windows XP and Windows 2003
Product: RSA Authentication Client 3.5
Platforms: Windows XP and Windows 2003
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: CVE-2007-3872
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50, v7.51 running XPL earlier than 03.10.040 on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
Jeroen
-----Original Message-----
From: Andrew Barkley <barkley@usa.net>
To: Jeroen <nowhereman@moenen.org>
Subject: Re: Circumventing Critical Security in Windows XP
Date: Sat, 20 Feb 2010 04:20:46 -0000
Hi,
1) Introduction
===========
"Novell Client™ 4.91 for Windows XP is workstation software that brings an easy-to-use, secure,
and manageable networking environment to Windows XP and Windows 2003 users.
It enables you to access NetWare® services from Windows XP workstations or 2003 Windows servers,
and tightly integrates either product into your NetWare network. For example,
with Novell Client for Windows XP, you can browse through authorized NetWare directories,
transfer files, print documents and use advanced NetWare services directly from a Windows XP workstation or Windows Server 2003."
Both ingredients provide for an exploitable heap corruption as attackers
control how much data is allocated on the heap and also how much data
is copied into the allocated buffer. It was possible to successfully
exploit this issue on the following Windows versions:
- Windows XP Professional SP3 32-bit (with 4GB RAM)
- Windows Vista Home Premium SP2 32-bit
- Windows Vista Business SP2 32-bit and 64-bit
- Windows 7 Home Premium SP1 64-bit
- Windows 7 Professional SP1 64-bit
- Windows 7 Enterprise SP1 32-bit and 64-bit
> >> The quote that stands out most for me:
> >> <snip>
> >> During the Q&A, however, Windows users repeatedly asked Microsoft's
> >> security team to explain why it wasn't patching XP, or if, in certain
> >> scenarios, their machines might be at risk. "We still use Windows XP
> >> and we do not use Windows Firewall," read one of the user questions.
> >> "We use a third-party vendor firewall product. Even assuming that we
> >> use the Windows Firewall, if there are services listening, such as
> >> remote desktop, wouldn't then Windows XP be vulnerable to this?"
> >>
Application:   Microsoft Outlook Express
               Microsoft Windows Mail
Platforms:     Windows 2000
               Windows XP
               Windows Vista
               Windows Server 2003
               Windows Server 2008 SR2
Exploitation:  Remote Exploitable
>>>> security team to explain why it wasn't patching XP, or if, in certain
>>>> scenarios, their machines might be at risk. "We still use Windows XP
>>>> and we do not use Windows Firewall," read one of the user questions.
>>>> "We use a third-party vendor firewall product. Even assuming that we
>>>> use the Windows Firewall, if there are services listening, such as
>>>> During the Q&A, however, Windows users repeatedly asked Microsoft's
>>>> security team to explain why it wasn't patching XP, or if, in certain
>>>> scenarios, their machines might be at risk. "We still use Windows XP
>>>> and we do not use Windows Firewall," read one of the user questions.
>>>> "We use a third-party vendor firewall product. Even assuming that we
>>>> use the Windows Firewall, if there are services listening, such as
>>>> remote desktop, wouldn't then Windows XP be vulnerable to this?"
>>>>
>
> The quote that stands out most for me:
> <snip>
> During the Q&A, however, Windows users repeatedly asked Microsoft's
> security team to explain why it wasn't patching XP, or if, in certain
> scenarios, their machines might be at risk. "We still use Windows XP
> and we do not use Windows Firewall," read one of the user questions.
> "We use a third-party vendor firewall product. Even assuming that we
> use the Windows Firewall, if there are services listening, such as
> remote desktop, wouldn't then Windows XP be vulnerable to this?"
>
text/plain. If the deployment manifest is opened (i.e. using Windows
Explorer), the warning is shown.
Permissions in the Local Machine security zone
Prior to Windows XP Service Pack 2 if a web page was loaded in the Local
Machine security zone, it was granted full privileges. For example, it
could read local files or worse invoke an unsafe ActiveX control and
gain full control of the target machine. In Service Pack 2, Microsoft
introduced the Local Machine Zone Lockdown that greatly reduced the
privileges of web pages running in the Local Machine zone. With
The quote that stands out most for me:
<snip>
During the Q&A, however, Windows users repeatedly asked Microsoft's
security team to explain why it wasn't patching XP, or if, in certain
scenarios, their machines might be at risk. "We still use Windows XP and
we do not use Windows Firewall," read one of the user questions. "We use
a third-party vendor firewall product. Even assuming that we use the
Windows Firewall, if there are services listening, such as remote
desktop, wouldn't then Windows XP be vulnerable to this?"
>
> The quote that stands out most for me:
> <snip>
> During the Q&A, however, Windows users repeatedly asked Microsoft's
> security team to explain why it wasn't patching XP, or if, in certain
> scenarios, their machines might be at risk. "We still use Windows XP
> and
> we do not use Windows Firewall," read one of the user questions. "We
> use
> a third-party vendor firewall product. Even assuming that we use the
> Windows Firewall, if there are services listening, such as remote
Thanks for the link. The problem here is that not enough information is given, and what IS given is obviously watered down to the point of being ineffective.
The quote that stands out most for me:
<snip>
During the Q&A, however, Windows users repeatedly asked Microsoft's security team to explain why it wasn't patching XP, or if, in certain scenarios, their machines might be at risk. "We still use Windows XP and we do not use Windows Firewall," read one of the user questions. "We use a third-party vendor firewall product. Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn't then Windows XP be vulnerable to this?"
"Servers are a more likely target for this attack, and your firewall should provide additional protections against external exploits," replied Stone and Bryant.
</snip>
If an employee managing a product that my company owned gave answers like that to a public interview with Computerworld, they would be in deep doo. First off, my default install of XP Pro SP2 has remote assistance inbound, and once you join to a domain, you obviously accept necessary domain traffic. This "no inbound traffic by default so you are not vulnerable" line is crap. It was a direct question - "If RDP is allowed through the firewall, are we vulnerable?" A:"Great question. Yes, servers are the target. A firewall should provide added protection, maybe. Rumor is that's what they are for. Not sure really. What was the question again?"
>>
>> The quote that stands out most for me:
>> <snip>
>> During the Q&A, however, Windows users repeatedly asked Microsoft's
>> security team to explain why it wasn't patching XP, or if, in certain
>> scenarios, their machines might be at risk. "We still use Windows XP
>> and we do not use Windows Firewall," read one of the user questions.
>> "We use a third-party vendor firewall product. Even assuming that we
>> use the Windows Firewall, if there are services listening, such as
>> remote desktop, wouldn't then Windows XP be vulnerable to this?"
>>
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50 running XPL earlier than 03.10.040 on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
machine) to plant a malicious executable with a specific name on the local
drive and wait for this executable to get launched when another user logs
on to the virtual machine.
While this scenario is usually blocked on default VMware Tools'
installations on Windows XP, Windows Vista and Windows 7 due to the
default file system ACLs, a non-administrative local attacker can launch
the attack against virtual machines where VMware Tools were installed on
non-default locations, e.g., on a non-system drive. Additionally, the
attack is always possible on pre-Windows XP systems such as Windows 2000.
Microsoft Corporation
AFFECTED ENVIRONMENTS
---------------------
Internet Explorer 7.0 on Windows XP and Windows Vista
Internet Explorer 8.0 on Windows XP, Windows Vista, and Windows 7
Internet Explorer 9.0.0 through 9.0.8 (MS12-044) on Windows Vista and Windows 7
Other versions of Internet Explorer have not been tested.