Friday, August 27, 2004

Security Watch Special: Windows XP SP2 Has a Dangerous Hole — WMI

Security Watch Special: Windows XP SP2 Has a Dangerous Hole:
"Microsoft will make Windows XP Service Pack 2 available to the general public this week, but the enthusiasm for the first significant OS update in almost two years is now competing with worries over discoveries and claims of new holes and vulnerabilities. Through an anonymous tip, we confirmed a core vulnerability that could lead to spoofing in the Windows Security Center, the new control panel for a PC's security status. Another unpatched hole has been found in Internet Explorer that affects Version 5.01 and later, as well as on an SP2 updated system. The hole allows an attacker to download a malicious executable to the user's system without their knowledge. For more on this IE flaw, see our Windows Update and vulnerabilities.

This week's tip also deals with the new SP2 security; we show you how to open ports to allow products like PCAnywhere to work correctly. For more on the potential spoofing of the Windows Security Center, see our Top Threat."

WMI may not only be a security hole, but a crater in the wrong hands. Due to the nature of WMI, the WSC could potentially allow attackers to spoof the state of security on a user's system while accessing data, infecting the system, or turning the PC into a zombie for spam or other purposes.

According to Microsoft, WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), an industry standard for accessing management information on a system. For Windows XP Service Pack 2, Microsoft added new fields or records to keep track of the Firewall and Antivirus information in the WMI database. Unfortunately, the WMI database is designed to be accessible via the WBEM API (application program interface) and is available to any program that wants to access the WMI. These programs can be desktop applications written in desktop- or web-based scripting or ActiveX modules.

This open door to the security status of a system can be exploited in several ways. First, a malicious site could download a file (possibly with the drag and drop exploit discussed in our Windows updates and vulnerabilities section), which could run and access the WMI, monitoring the status of the firewall and antivirus protection.


http://www.pcmag.com/print_article/0,1761,a=133959,00.asp
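
Because the Security Center's WMI records are open to any program, a defender can treat them as unverified claims and check them against state read outside WMI. The sketch below is an added example, not code from the article or from Microsoft; it assumes PowerShell 3.0+ on Vista or later, where these records live in `root/SecurityCenter2` (XP SP2 used `root\SecurityCenter`), and the function name `Test-WscAntivirusRecord` is hypothetical.

```powershell
# Added example: cross-check antivirus records in the Security Center WMI
# namespace against the file system, Authenticode, and the service manager.
function Test-WscAntivirusRecord {
    # Assumption: Vista-or-later namespace; adjust for XP SP2 (root\SecurityCenter).
    $records = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                               -ClassName 'AntiVirusProduct' -ErrorAction Stop

    # Firewall service state read through the service control manager, not WMI.
    # MpsSvc is the Windows Firewall service name on Vista and later.
    $fw = Get-Service -Name 'MpsSvc' -ErrorAction SilentlyContinue
    $fwRunning = ($null -ne $fw) -and ($fw.Status -eq 'Running')

    foreach ($rec in $records) {
        # The record only holds whatever was last written to it.
        $exe = [Environment]::ExpandEnvironmentVariables(
                   [string]$rec.pathToSignedProductExe)
        $exists = $false
        $signature = 'NotChecked'
        try {
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $exists = $true
                $signature = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
            }
        } catch {
            # Values that are not file paths (a product may register a URI)
            # cannot be verified here and are left for manual review.
            $signature = 'NeedsReview'
        }

        [pscustomobject]@{
            DisplayName     = $rec.displayName
            ClaimedExe      = $exe
            ExeExists       = $exists
            Signature       = $signature
            FirewallRunning = $fwRunning
            # Flag records whose claimed product binary is missing or unsigned.
            Suspicious      = (-not $exists) -or ($signature -ne 'Valid')
        }
    }
}

Test-WscAntivirusRecord | Format-Table -AutoSize
```

A record flagged `Suspicious` is not proof of spoofing; it marks an entry whose claimed product could not be confirmed on disk and should be examined by hand.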

