> Major Flaw In .ani File Found In Windows 98 Through Vista Creates Major Security Risk, Vista Aint that Secure at all
Saint_Michael
post Mar 31 2007, 05:27 PM
Post #1


I was able to browse around this and found it interesting since this vulnerability is found in 4 Microsoft Operating Systems: Windows 2000, Windows XP, Windows Vista, Windows 2003 Server. From the article, Microsoft stated that there is a hole in the .ani files, which happen to be related to the mouse cursor, when the mouse icon changes depending on what you do. They only mention that with this flaw it allows hackers to break into someone's computer and do their thing. But in another article relating to this attack it was mentioned that in order for this to happen a user has to go to a specific website or open an email that will trigger this.

QUOTE
"In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or e-mail attachment sent to them by an attacker," Adrian Stone from Microsoft's Security Response Center, wrote in an official advisory.





They are currently working on the patch; however, they don't have a timetable of when it will be released. But another company called eEye Digital has put out a temporary patch for this vulnerability until the more secure patch is provided. Also, Microsoft has added to their Live OneCare program to look for software that targets this security hole.

Original Source

Here
Here

This post has been edited by jlhaslip: Apr 6 2007, 03:16 PM
jlhaslip
post Mar 31 2007, 05:42 PM
Post #2


Sheesh, that pretty much covers the whole range of currently supported operating Systems.
Is there an end to these Security leaks? Not in the foreseeable future.

And who has the time and resources to find the procedures to make these 'holes' appear?
They need to get a life outside of the Web.

Any indication as to how serious or common this breach is? How many users have an animated cursor by default? or do you simply need to have a spinning hourglass while you are waiting for a download? Those are animated by default.

I'm downloading the patch, since every download on the 'net uses that animated cursor.

*edit*

The download is a full anti-virus software. I didn't install it, so I cannot express an opinion about the package.
ghostrider
post Mar 31 2007, 10:10 PM
Post #3


Another security vulnerability? This is just sad. The amount of holes they have in their systems and the time it takes to fix them is just not good at all. This is one of the reasons I switched to using Linux. Windows runs really slow on my computer. The only problem I have had is the fact that my browser sometimes randomly closes, but with the increased speed on my computer it is worth it. Hopefully there aren't too many more vulnerabilities. It's saddening hearing about all of them.
Saint_Michael
post Apr 2 2007, 06:13 PM
Post #4


To give a small update, Microsoft plans to upload a patch tomorrow, because of how quickly they were able to figure it out and patch it up. From reading the updated article about this exploit, it looks like if someone had the right skills they could load up a worm and do some damage. They also confirm that in order for this exploit to happen you would have to be on a website that is programmed to use this exploit and/or open a link through a "well crafted" email. So it will be a good idea for you Windows users to patch this exploit, since it is spread across 4 Windows OS's.
Source

Here


For a minor update about this wonder exploit, it looks like someone programmed a worm for it over the weekend and that 100 websites are being monitored for the actual spreading of this exploit in the Windows OS. It’s funny that they don’t mention them so people will know what sites not to go to. For all we know someone could ad spoof Microsoft’s website.

What's funny is Microsoft says they can’t guarantee that this patch will work. I would say that is the most stupid thing they could have mentioned, but of course Microsoft says a bunch of stupid stuff these days.

Here is updated info about what this exploit can do and what not.

QUOTE
"Currently, the majority of the attacks appear to be downloading and installing generic password-stealing code," Websense reported on its blog. "Most sites are hosted in China. Interestingly, the most popular domain space being used is .com."
The .ANI vulnerability lies in the way Windows handles malformed animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all the recent Windows releases, including its highly-touted Vista operating system. Internet Explorer is the main attack vector for the exploits.
"In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability, view a specially crafted e-mail message, or open a specially crafted e-mail attachment sent to them by an attacker," Adrian Stone, a Microsoft researcher, said in a blog. "While the attack appears to be targeted and not widespread, we are monitoring the issue and will update the advisory and blog as new information becomes available.”


These are current known patches

Current Non-Microsoft Patches

http://research.eeye.com/html/alerts/zeroday/20070328.html

This patch covers Windows 98, 2000, XP, Server 2003, and Vista.

http://zert.isotf.org/advisories/zert-2007-01.htm


Source

Here
FLaKes
post Apr 4 2007, 02:55 AM
Post #5


So now, the vulnerability is a mouse cursor. I can't believe how weak the Microsoft operating systems are, but it's too bad that some of us don't have an option.
jlhaslip
post Apr 4 2007, 03:35 AM
Post #6


Just downloading the patch and installing it now, so Micro$oft follows up with another update...
Saint_Michael
post Apr 4 2007, 08:43 PM
Post #7


Well, the news keeps coming in about this exploit, even after the fact that 3 patches have been made for this. It looks like 450 websites have been "monitored" that exploit this flaw. Then of course there is the slew of email spam that has been produced, such as the "Hot Pictures of Britiney Speers" emails that are laced with this exploit. But to add to the growing problem, it looks like M$ knew about it since December of last year, which means that hackers, crackers, phreakers, spammers have had plenty of time to work on this.

This also mentions a group of servers controlled by Russian hackers that give out the whole buffet of attacks and whatnot. There has been a root kit that was designed from this little exploit as well.

Definition of a root kit
QUOTE
A program that hackers implant in a victim’s computer to hide their nefarious programs; a hacker security tool that captures passwords and message traffic to and from a computer; a collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. A root kit is a classic example of Trojan horse software and is available for a wide range of operating systems.


By the looks of it from the article, the Russian hackers who have been using this are gaining some steam from this. They even go on to say the origins are from a bunch of Chinese hackers who were trying to steal WOW accounts and then of course they say it's history.

They mention that botnet attacks might increase as well over this, which leads me to believe that everyone who follows the dark side of the computer will be using this wonderful exploit until it has lost all its steam, and more importantly that would lead into the fact that Vista just lost in the security department over this exploit since now everyone will be programming from this bad boy.

They even mention the fact that the Russian hackers have been waiting a while to find a new hack to crack the Windows OS. I might as well disconnect from the internet right now just to make it one less machine.

Source

HERE

This post has been edited by Saint_Michael: Apr 4 2007, 08:45 PM
elangelito235
post Apr 4 2007, 09:53 PM
Post #8


QUOTE
Microsoft's release of a "critical" patch on Tuesday poked holes in Vista's security promises, but security experts advise against discounting the new operating system.

The software giant broke with its monthly patch cycle Tuesday to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.

"As far as software vulnerabilities go, Vista's cover is blown," said Nand Mulchandani, a vice president at Determina, the company that discovered the latest security bug. "It is not Superman; it is just a human being. It is just software. Vista is going to be very similar to the other operating systems Microsoft has delivered in terms of bugs."

Microsoft officially launched Vista for consumers in January, promoting the operating system as the most secure version of Windows yet. It is the first client version of Windows built with security in mind, meaning that it should have fewer coding errors that might be exploited in attacks, Microsoft has said.

Yet the "critical" hole that affected much older Windows versions also hit Vista. The vulnerability lies in the way Windows handles animated cursors and could let an attacker commandeer a PC when the user views a malicious Web site or e-mail message.

The cursor flaw lies in the operating system code. This means that any application that relies on the operating system to handle animated cursor files could be an attack vector. This includes alternative browsers, such as Firefox.

It is a flaw that should have been caught by Microsoft's code-vetting processes for Vista, called the Security Development Lifecycle, some experts said. The flaw is also evidence that faulty code from previous Windows versions has been copied into Vista, they said.

"It is a little premature to attack the whole effort altogether, but this is something that the Security Development Lifecycle should have caught," said Amol Sarwate, a research manager at vulnerability management company Qualys.

The buffer overflow vulnerability in the cursor function in particular should have already been fixed because a bug in the same Windows component was patched two years ago, said Rohit Dhamankar, manager of security research at TippingPoint, a seller of intrusion prevention products. That should have prompted re-examination of the code, Dhamankar said.

Microsoft disputes that it should have caught the cursor bug before. People who say so don't understand security vulnerabilities because not all bugs are created equal, said Stephen Toulouse, senior product manager in Microsoft's Security Technology Unit.

"In the case of the cursor vulnerability, even though something may look similar to the outside, that doesn't mean the code is anything alike to the previous vulnerability," Toulouse said. "The SDL was never meant to catch every single vulnerability, period."

But Dhamankar argues that Microsoft forgot to recheck all the possibilities that could lead to a buffer overflow after the original bug was found and patched in 2005.

Mulchandani agreed. "The dirty little secret is that Microsoft clearly did not write Vista from scratch. They did not completely build a whole new code base for this operating system. Every version of Windows since Windows NT has had this flaw in it," he said.

Microsoft does acknowledge that Vista will have vulnerabilities. "There are going to be other vulnerabilities. The SDL is not a process by which no vulnerabilities will ever occur. There is no process on this planet that can do that," Toulouse said.

The cursor flaw is like a sign post for the bug hunters. Hackers will now be looking for bugs in similar Windows components to find ways to attack Vista.

"This has been a very significant break and it definitely gives a big pointer," Dhamankar said. "If more such errors are found later, Vista is not going to be able to offer the great protection that's claimed."

Still, Microsoft's Vista security promise doesn't fall apart because of this single vulnerability. Vista is more secure than XP or any other Microsoft client operating system, Sarwate said. "If you consider Windows 2000, XP, 2003, I would still say that Vista is more secure than all the other operating systems," he said.

Mulchandani also said that, while Microsoft has taken way too big a bite at the security message, Vista is more secure than its predecessors because of features such as User Account Control and others that limit privileges on the operating system.

And that's just the goal Microsoft was aiming for, Toulouse said.

"You have to look at Vista versus XP. A lot of people are holding Vista up and saying in a vacuum it will reach some