Friday, August 27, 2004

Security Watch Special: Windows XP SP2 Has a Dangerous Hole — WMI

Security Watch Special: Windows XP SP2 Has a Dangerous Hole:
"Microsoft will make Windows XP Service Pack 2 available to the general public this week, but the enthusiasm for the first significant OS update in almost two years is now competing with worries over discoveries and claims of new holes and vulnerabilities. Through an anonymous tip, we confirmed a core vulnerability that could lead to spoofing in the Windows Security Center, the new control panel for a PC's security status. Another unpatched hole has been found in Internet Explorer that affects Version 5.01 and later, as well as on an SP2 updated system. The hole allows an attacker to download a malicious executable to the user's system without their knowledge. For more on this IE flaw, see our Windows Update and vulnerabilities.

This week's tip also deals with the new SP2 security; we show you how to open ports to allow products like PCAnywhere to work correctly. For more on the potential spoofing of the Windows Security Center, see our Top Threat. "

WMI may not only be a security hole, but a crater in the wrong hands. Due to the nature of WMI, the WSC could potentially allow attackers to spoof the state of security on a user's system while accessing data, infecting the system, or turning the PC into a zombie for spam or other purposes.

According to Microsoft, WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), an industry standard for accessing management information on a system. For Windows XP Service Pack 2, Microsoft added new fields or records to keep track of the Firewall and Antivirus information in the WMI database. Unfortunately, the WMI database is designed to be accessible via the WBEM API (application program interface) and is available to any program that wants to access the WMI. These programs can be desktop applications written in desktop- or web-based scripting or ActiveX modules.

This open door to the security status of a system can be exploited several ways. First, a malicious site could download a file (possibly with the drag and drop exploit discussed in our Windows updates and vulnerabilities section), which could run and access the WMI, monitoring the status of the firewall and antivirus protection.


http://www.pcmag.com/print_article/0,1761,a=133959,00.asp
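
The point above, that any program can read the Security Center records in WMI, also means a defender should not take those records at face value. The following is an added example, not code from the article or from Microsoft: it lists the registered antivirus and firewall products and checks the executable each record points to. It goes beyond XP SP2 by assuming the `root/SecurityCenter2` namespace and `pathToSignedProductExe` property used on Windows Vista and later client systems (XP SP2 used `root/SecurityCenter`); the function name is hypothetical.

```powershell
# Added example: cross-check Security Center WMI records against files on disk.
# Assumes Windows Vista or later (root/SecurityCenter2) and PowerShell 3+.
function Test-RegisteredSecurityProduct {
    param(
        [string]$Namespace = 'root/SecurityCenter2',
        [string[]]$ClassName = @('AntiVirusProduct', 'FirewallProduct')
    )
    foreach ($class in $ClassName) {
        # The namespace is absent on server SKUs; treat that as "no records".
        $products = Get-CimInstance -Namespace $Namespace -ClassName $class `
            -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            $exe = [Environment]::ExpandEnvironmentVariables(
                [string]$p.pathToSignedProductExe)
            # Some products register a URI handler instead of a file path.
            $isFilePath = $exe -match '^[A-Za-z]:\\'
            $exists = $isFilePath -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $sig = $null
            if ($exists) { $sig = Get-AuthenticodeSignature -LiteralPath $exe }

            # Decide what the record looks like once checked against the disk.
            $verdict = 'OK'
            if (-not $isFilePath)            { $verdict = 'Review: not a file path' }
            elseif (-not $exists)            { $verdict = 'Suspicious: file missing' }
            elseif ($sig.Status -ne 'Valid') { $verdict = 'Suspicious: signature ' + $sig.Status }

            $signer = $null
            if ($sig -and $sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }
            [pscustomobject]@{
                Class        = $class
                DisplayName  = $p.displayName
                InstanceGuid = $p.instanceGuid
                Executable   = $exe
                Signer       = $signer
                Verdict      = $verdict
            }
        }
    }
}

Test-RegisteredSecurityProduct | Format-List
```

A record whose executable is missing or unsigned, or whose signer does not match the vendor in the display name, is worth investigating before trusting the status the Security Center shows.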


Application Compatibility Guide for Windows XP SP 2

Download details: Application Compatibility Guide for Windows XP SP 2:
"Windows® XP SP2 introduces new security technologies to better enable Windows XP computers to withstand viruses, worms and other kinds of attacks. This guide will assist IT Professionals to test and mitigate application compatibility issues arising from these more stringent security technologies."



Quick Info

File Name: AppCompat-XPSP2.msi

Download Size: 2956 KB

Date Published: 8/25/2004

Version: 1.0


The guide is approximately 100 pages.

This guidance discusses the security technologies, an application testing process, incompatibility symptoms, mitigation techniques, and deployment scenarios. It makes no assumption about the size or complexity of the network, and is as relevant to peer-to-peer environments as it is to Active Directory environments.

http://www.microsoft.com/downloads/details.aspx?FamilyId=9300BECF-2DEE-4772-ADD9-AD0EAF89C4A7&displaylang=en

Thursday, August 26, 2004

Microsoft offers SP2 compatibility guide - News - ZDNet

Microsoft offers SP2 compatibility guide - News - ZDNet:
"Microsoft has launched a do-it-yourself kit to help IT professionals assess their software's compatibility with Windows XP Service Pack 2.

Fears among system administrators and IT managers that SP2 may break homegrown applications have already led to delays in corporate launches. To get users back on track and keep developers' blood pressure down, Microsoft is offering the application compatibility testing guide.

The guide, which can be retrieved from Microsoft's Download Center, is designed to help administrators 'test and mitigate application compatibility issues.' Microsoft adds that the guide is meant for a network of any size and is 'as relevant to peer-to-peer environments as it is to Active Directory environments.' "

http://www.microsoft.com/downloads/details.aspx?FamilyId=9300BECF-2DEE-4772-ADD9-AD0EAF89C4A7&displaylang=en

http://zdnet.com.com/2100-1104-5323378.html

Wednesday, August 25, 2004

Between the Lines » Bush in 30 seconds. Your privacy in 2. - ZDNet.com

Between the Lines » Bush in 30 seconds. Your privacy in 2. - ZDNet.com:
"When Web developer Shawn Smith used Google to find some of Moveon.org’s well-known "Bush in 30 seconds" anti-Bush video spots, he got more than he bargained for. Google’s search results also revealed a significant amount of confidential personal information about the Web site’s subscribers including names, e-mail addresses, newsletter subscription information, and areas of political interest. The exposure exemplifies the power and maturity of search engines like Google and begs the question "Have you Googled your own Web site recently?" "

http://blogs.zdnet.com/index.php?p=376

Tuesday, August 24, 2004

Vulnerability could turn drag-and-drop into drag-and-infect- News - ZDNet

Drag-and-drop flaw mars Microsoft's latest update - News - ZDNet:
"An independent researcher warned that an Internet Explorer vulnerability could turn drag-and-drop into drag-and-infect, even on computers updated with Microsoft's latest security patch.

The flaw affects the latest version of Internet Explorer running on Windows XP, even after the latest major update--known as Service Pack 2--is applied. An attacker using the flaw could install a program on a victim's computer after convincing the person to visit a malicious Web site and click on a graphic.

The attacker's program would be placed in the Windows startup folder and would run the next time the user restarted the computer. The security researcher who discovered the flaw, known by the online nickname 'http-equiv,' posted an example to show the power of the flaw."

"If you look at the Web page, all you see are two red lines and an image; drag the image across the two lines and drop it," he said. "What you have actually done is drop (a program) into your startup folder. Next time you switch the computer on it runs the program."

Security information company Secunia believes the program that takes advantage of the issue could be simplified to only require a single click from the user. Secunia rated the flaw as "highly critical," its second-highest rating of vulnerability threats.

Microsoft said the issue did not pose a serious risk to users because it requires an attacker to trick people into visiting a Web site and taking some action at the site.

http://zdnet.com.com/2100-1105_2-5318358.html