PC Review



Three new Windows security holes come at a bad time

 
 
Shoe
      25th Dec 2004
Three new Windows security holes come at a bad time
By Angela Gunn, USATODAY.com
Three new vulnerabilities have been discovered in Microsoft’s Windows
operating system, leaving computers running that OS open to possible hacker
attacks – including PCs running the recently released XP SP2 (Service Pack
2).
The vulnerabilities were published on various online security newsgroups and
confirmed by antivirus firm Symantec. The discoveries raise particular
concern since, with the holidays underway, interested worm-writers may have
a significant head start on security professionals hoping to plug the hole.

According to a report on eWeek.com, one of the three vulnerabilities
involves image handling, which has posed problems for Windows and Unix
systems in the past. The other two vulnerabilities involve Windows’ Help
system and its .hlp files, and Windows’ ANI (Automatic Number
Identification) authentication capabilities.

The image-handling problem turned up in LoadImage, a Windows component that
loads icons, cursors or bitmaps on the desktop. An image with a malicious
payload could cause a heap buffer overflow, which would leave a system open
to exploitation.

Exploiting the ANI hole – known as the Windows Kernel ANI File Parsing Crash
and DoS Vulnerability – would require the target to click on a link or open
a message that would load a malicious ANI file. The file could trigger a
denial-of-service attack.

A Chinese security group reports not one but two possible ANI exploits.
Xfocus.org has published details on its Web site.

The Help system hole involves a potential decoding error when Help (.hlp)
files are run. Such an error could cause a heap buffer overflow, which would
(as with the LoadImage vulnerability) leave a system open to exploitation.

Machines running Windows NT, Windows 2000 or Windows XP with SP (Service
Pack) 1 are vulnerable to such exploits. Windows XP users who have applied
the SP2 service pack are protected from the image and ANI vulnerabilities,
but not from all possible aspects of the Help problem.

Users are urged to block e-mail attachments arriving with .hlp files
attached and strongly encouraged to read e-mail in plain-text format to keep
malicious images from utilizing LoadImage.


 