Windows versions
----------------------------------------------------------------------------------------------------
Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 2008
----------------------------------------------------------------------------------------------------
+ Author: Fabien KERBOUCI
+ Version/Date: 27/01/2009
+ Keywords: [ benchmark timing benchmarking attacks Windows runas vulnerability password length ]
A more detailed version of this advisory, with a complete tutorial and video, is in Hakin9 Magazine of May 2009.
- Developing Fuzzers with Peach - Michael Eddington, Leviathan Security
- Cyber Attacks Against Japan - Hiroshi Kawaguchi, LAC
- Windows Localization: Owning Asian Windows Versions - Kostya Kortchinsky, Immunity
- TOMOYO Linux - Toshiharu Harada, NTT Data
- IPv6 Demystified - Jun-ichiro itojun Hagino, IPv6Samurais
*Vulnerable Packages*
. Sun xVM VirtualBox 1.6.2.
. Sun xVM VirtualBox 1.6.0.
. This issue only occurs in the Microsoft Windows versions of xVM VirtualBox.
*Non-vulnerable Packages*
________________________________________________________________________
Vendors: Cisco, Juniper, Microsoft, FreeBSD
Affected Products: All Cisco IOS ASA with firmware < November 2010
All Netscreen versions
All Windows versions
All FreeBSD versions
Vulnerability: ICMPv6 Router Announcement flooding denial of service
Severity: 7.8 (CVE CVSS Score), local network
CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
Abstract
Microsoft Windows is prone to a remote Kernel Denial of Service due to the way srv.sys handles malformed WRITE_ANDX SMB packets.
Remote attackers could exploit this issue without having valid credentials on the target machine. To achieve successful exploitation, the attacker needs enough privileges to remotely send WRITE_ANDX packets to an interface that uses a Named Pipe as its endpoint. Which interfaces allow NULL Sessions varies between Windows versions; on Vista, a reliable pre-authentication attack through the "\LSARPC" pipe has been successfully demonstrated.
Affected versions
Theoretically verified on: Windows 2000, XP, Server 2003, Vista, Server 2008.
Successfully exploited on: Microsoft Windows Vista SP1 with latest security updates.
*Vulnerable Packages*
. Borland Interbase 2007 Service Pack 2 (8.1.0.256), Solaris and Windows versions.
*Non-vulnerable Packages*
. None currently available (see vendor information below).
This vulnerability has been resolved in CiscoWorks Common Services
version 4.0 and in the following software patches:
cwcs33-sol-CSCti41352.tar - for Oracle Solaris versions
cwcs33-win-CSCti41352.zip - for Microsoft Windows versions
These CiscoWorks Common Services patches can be downloaded from:
http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=268439477
same thing that IAM and WHOSTHERE do but using a slightly different technique,
aiming at making the tool work on more systems without requiring users to
modify the source code of iam/whosthere (or wait for the next version :)).
The good thing about this 'alt' version of the iam/whosthere tools is that
they SHOULD work on more Windows versions without modifications.
The 'bad' thing is that both tools need to execute code inside lsass.exe.
The tools basically use the functions MSV1_0.DLL!NlpDeletePrimaryCredential,
MSV1_0.DLL!NlpAddPrimaryCredential, and MSV1_0.DLL!NlpGetPrimaryCredential;
these are the functions gsecdump uses (if I'm not mistaken).
The current heuristics used to find the functions inside MSV1_0.DLL are horrible
This vulnerability has been corrected in CiscoWorks Common Services
version 3.2 and in the following software patches:
cwcs3.x-sol-CSCsm77245-0.tar.gz - for Solaris versions
cwcs3.x-win-CSCsm77245-0.zip - for Windows versions
The CiscoWorks Common Services patches can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
SWsoft Plesk for Windows - SQL Injection Vulnerability
Date: 9-11-07
Vendor: www.swsoft.com
Package: Plesk for Windows
Versions: v7.6.1, v8.1.0, v8.1.1, v8.2.0
Vendor Demo: https://plesk8.1win.demo.swsoft.com:8443/login.php3
Credit: Nick I Merritt
Risk:
Related Exploit Range: Remote
vulnerabilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2007-5618 to this issue.
Windows versions of Hosted products
---------------
VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2010-3008, ZDI-CAN 582
Hello,
In the course of the Windows 7 RTM release, the Security Research Lab would like to share some results on firewire/DMA based hacks and Windows 7, which is susceptible to such attacks.
While the attack vector itself is already known from previous Windows versions, we also describe the impact of Firewire-based Windows authentication bypassing on Microsoft's full-disk encryption solution BitLocker, the Encrypted File System (EFS) and Windows domains. A comprehensive section on countermeasures on different layers concludes this whitepaper, which can be downloaded from:
http://www.securityresearch.at/publications/windows7_firewire_physical_attacks.pdf
Moreover, we have developed a software solution to protect against Firewire-based physical security attacks on Windows systems which is discussed in a separate whitepaper:
Dec 08, 2009
I. BACKGROUND
WordPad is the default text editing application included with nearly all Windows versions since Windows 95. The Word97 converter is used to convert Word documents into the format used by WordPad, and is present in all current versions of WordPad except Vista and Server 2008.
II. DESCRIPTION
1) Affected Software
McAfee E-Business Server for Linux version 8.1.1.
NOTE: Other versions may also be affected. However, while the usage is identical between the Linux and Windows versions of E-Business Server, Windows is not vulnerable due to the differing socket implementations.
======================================================================
2) Severity