
New Windows Vulnerability in Help System

CowboyNeal posted more than 10 years ago | from the decidedly-unhelpful-paperclips dept.


wesleyt writes "CERT announced today a significant Microsoft Windows vulnerability related to IE and its handling of the Windows help subsystem. There are currently no patches available and no virus definitions for the major scanners. As well, exploits have been reported in the wild. Because the vulnerability is in the help subsystem, even users who avoid Outlook and IE are vulnerable, since IE is the default handler for help files. It seems that this is going to be an ugly one."


Windows has problems... (0, Offtopic)

Anonymous Coward | more than 10 years ago | (#8813408)

...but Linux needs to get its act together.

Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.

Take installation. Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".

Linux zealots are far too forgiving when judging the difficulty of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:

User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in /tmp or the installer will dump core. After the installer is done, edit /etc/X11/XF86Config and add a section called "GL" and put "driver nv" in it. Make sure you have the latest version of X and Linux kernel 2.6 or else X will segfault when you start. OK, run the Quake 3 installer and make sure you set the proper group and setuid permissions on quake3.bin. If you want sound, look here [link to another obscure web site], which is a short HOWTO on how to get sound in Quake 3. That's all there is to it!"

User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"

So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.

Re:Windows has problems... (-1, Offtopic)

Scorchen (641292) | more than 10 years ago | (#8813421)

> Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.

Greater than 1% of the marketshare? That could mean linux could be 2% - 100%.

Re:Windows has problems... (0, Funny)

Anonymous Coward | more than 10 years ago | (#8813435)

that was hysterical. bravo

Re:Windows has problems... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8813442)

Q: How do I run the original DOS Quake in Windows 2000/XP?

A: You can't.

Re:Windows has problems... (-1, Troll)

jefe7777 (411081) | more than 10 years ago | (#8813453)

>>makes so much more sense to new users than double-clicking

studies have shown that mouse clicking lowers a person's IQ, which leads to trojans, viruses, spyware, keyloggers, adware, nagware, worms, and carpal tunnel syndrome.

CLI vs. GUI is like Reading vs watching TV.

One can get results from either method, but the quality differs.

(of course some material/situations lend themselves to pictures...on your tv or the icons on your computer)

Blondasse! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8813524)

Pretty icons are for blondes. Note that there are some blondes whose hair is actually not blonde. Blondness is about what goes on inside the head, not outside (even though often blondness does show up outside as well).

No Quake3 problems here (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8813588)

I use Slackware 9.1

1. I put the CD in my DVD-ROM player.
2. Under GNOME or KDE I press the little CD icon.
3. Click on setup.sh, the Quake3 installer starts, I install the stuff in the usual default place.

That's it, even get a cute little Quake3 icon on my desktop.

Same as with Windows, mate. Don't have to be a wiz to install Quake3.

MS (5, Funny)

Fredbo (118960) | more than 10 years ago | (#8813410)

Microsoft is in some serious need of some help on this...

Re:MS (1)

biet (632569) | more than 10 years ago | (#8813415)

But who wants to help them anyway ? Oh wait...

Re:MS (2, Interesting)

MrNonchalant (767683) | more than 10 years ago | (#8813512)

"By convincing a victim to view an HTML document such as a web page or HTML email message, an attacker could execute script in a different security domain than the one containing the attacker's document." So basically we're talking another e-mail attachment auto-execution exploit here. A whole new generation of viruses just got a way to spread minus a user's click. Thank goodness I use Mozilla mail.

mozilla is not going to save you (1)

anthony_philipp (710666) | more than 10 years ago | (#8813622)

NOTE: Using an alternate web browser may not mitigate this vulnerability. It may be possible for a web browser other than IE on a Windows system to invoke IE to handle ITS protocol URLs.

Yeah, it's a bigger problem than just IE; another web browser or email client may end up doing you in. Best get off that Windows box. ;)
anthony

Re:MS (0)

JohnDoe.Slashed (717301) | more than 10 years ago | (#8813530)

Yeap, someone gotta give them a "specially crafted help file" in order to help them...

Re:MS (5, Funny)

netsharc (195805) | more than 10 years ago | (#8813617)

"It seems like you're trying to exploit a security hole. Would you like help?"

Not that big of deal (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8813414)

I am sure the major virus scanners will have it before anything "really" bad happens.. this isn't anything special.. move along

Re:Not that big of deal (3, Funny)

baryon351 (626717) | more than 10 years ago | (#8813471)

As a mac user I'm just glad that our beleaguered platform that's now full of trojans has a competitor and hopefully this upstart Windows will take some of the attention away. phew!

Re:Not that big of deal (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8813490)

Why don't you go back to sucking cock, instead of wasting our time by posting stupidity.

Actually, mac users haven't had a virus yet (2, Informative)

Aqua OS X (458522) | more than 10 years ago | (#8813516)

We had the release of a "conceptual" Trojan yesterday.... but not a real virus.

Some software company was trying to sell their mac virus software. A real ID3 tag Mac Trojan does not exist right now.... and odds are we will see patches before one comes to be.

Privilege level (5, Insightful)

Gary Destruction (683101) | more than 10 years ago | (#8813417)

"could allow an attacker to execute arbitrary code with the privileges of the user running IE" This is why you run as a restricted user rather than administrator or power user. Restricted users don't have write or modify permissions to the WINNT or Program Files directories or subdirectories. And they certainly don't have permission to screw with the registry.

Re:Privilege level (4, Insightful)

Phexro (9814) | more than 10 years ago | (#8813444)

They also don't have permission to do most things that users are used to doing, such as installing new software.

Not saying that your comment is wrong, just that for most people, convenience is more important than security.

Re:Privilege level (2, Interesting)

pe1chl (90186) | more than 10 years ago | (#8813464)

To install new software, users (except the totally clueless) log in as an administrative user, or even choose to run the setup program as an administrative user while being logged in as an unprivileged user.

Unfortunately, the default distribution of Windows is not set up this way, and is even discouraging it (especially in the Home version).

Re:Privilege level (2, Informative)

Anonymous Coward | more than 10 years ago | (#8813504)

> To install new software, users (except the totally clueless) log in as an administrative user, or even choose to run the setup program as an administrative user while being logged in as an unprivileged user.

I don't do this, and not because I'm clueless, but because there are lots of pieces of software that I am forced to use that need you to be logged in as not only an Administrator, but THE Administrator. Most of this software was made for Windows 95 or Windows 98, and some even for Windows 3.x.

Re:Privilege level (0)

Anonymous Coward | more than 10 years ago | (#8813565)

You can't log in as "The Administrator" unless you delete all your other accounts. This is true in Windows XP, at least. Not sure about the others.

Re:Privilege level (5, Insightful)

Halfbaked Plan (769830) | more than 10 years ago | (#8813513)

I used to try running Windows 2000 as a non-privileged user.

The problem is, not every Windows program out there is written to be aware of the fine-grained security model of Windows NT. In a 'perfect world' every Windows developer would code properly, with security in mind. As it stands, the complex NT security model is just ignored by a lot of people. It might work great in a locked-down corporate environment with a limited set of software, i.e. where the user isn't allowed to install anything, and the software installed is a narrow well-tested set. It won't ever work in looser environments. Given the lax 'security culture' of Microsoft and its user base, it's unworkable.

Re:Privilege level (5, Insightful)

pe1chl (90186) | more than 10 years ago | (#8813534)

This is like saying that keylocks work well in a bank, but will never be workable in normal life. People will lose keys, will find it uncomfortable to carry keyrings, etc.

Sure there is some truth in that, but as more and more people don't respect other people's property, keylocks have become a necessity and have to be lived with, no matter the discomfort.

The same is now happening with software security.

Re:Privilege level (3, Funny)

h2odragon (6908) | more than 10 years ago | (#8813560)

if i have to re-educate my users to be aware of security, i may as well re-educate them to a better thought out environment.

To extend the lock metaphor well beyond any rationality: i'll teach them to use keys instead of a "dance and sing" ritual... "you have to log in as root to do this and that" instead of "you have to right click and select this, unless it's September or a full moon when you have to double click here and then do this that and this other step; except for full moons during September when you have to sacrifice a blue goat at 11:13pm PST using a 14 inch Stihl chainsaw".

Re:Privilege level (3, Interesting)

Halfbaked Plan (769830) | more than 10 years ago | (#8813585)

To extend your analogy to fit better, consider a world in which many doors, windows, cabinets, etc. are designed in such a way that it's impossible to install a key lock. Others are designed so that a keylock can be installed, but there's only one supply anywhere in the world for key blanks for that particular lock. So you can't lock certain places at all, because you only have one key, and there are five of you who need access to that cabinet or room.

Re:Privilege level (5, Informative)

Gary Destruction (683101) | more than 10 years ago | (#8813473)

Use the runas service to do administrative stuff. You can either use it in command line form or hold down shift and right click on an executable. It works on most control panel applets as well.

Re:Privilege level (0)

Anonymous Coward | more than 10 years ago | (#8813576)

Hmm. I didn't know about the command line version. It seems to have a lot more features than the GUI version.

Re:Privilege level (0)

Anonymous Coward | more than 10 years ago | (#8813499)

> ... such as installing new software.

Wrong. Even if you are restricted user, you can install software by using "su" and getting root privileges.

... oh, wait ...

Re:Privilege level (4, Insightful)

harlows_monkeys (106428) | more than 10 years ago | (#8813467)

> This is why you run as a restricted user rather than administrator or power user. Restricted users don't have write or modify permissions to the WINNT or Program Files directories or subdirectories. And they certainly don't have permission to screw with the registry

So basically, then, that makes it so that if the user gets infected by something, all it can do is destroy that user's personal files, and propagate over the network, as opposed to doing all that AND making the user have to reinstall Windows by mucking with system stuff?

That's nice for administrators--they can clean the machine just by wiping that user, but for the user that is not going to make much difference.

Re:Privilege level (4, Insightful)

DA-MAN (17442) | more than 10 years ago | (#8813492)

> So basically, then, that makes it so that if the user gets infected by something, all it can do is destroy that user's personal files, and propagate over the network, as opposed to doing all that AND making the user have to reinstall Windows by mucking with system stuff?
>
> That's nice for administrators--they can clean the machine just by wiping that user, but for the user that is not going to make much difference.


Let's see, 1 hour of downtime while we reimage and reconfigure your machine vs. 1 minute to clear out your profile and let me work on pulling your data from a good known back up.

Re:Privilege level (5, Insightful)

Lukey Boy (16717) | more than 10 years ago | (#8813508)

You realize that's only valid in the context of a corporate setup, right? Most viruses and trojans infest home systems. Of course it's easy to reimage a machine in an office - it's the fabled "Aunt Tillie" we have to worry about.

Re:Privilege level (2, Insightful)

Gary Destruction (683101) | more than 10 years ago | (#8813509)

Ah, but most worms and viruses *want* to write to the WINNT directory, its subdirectories and the registry. Unless the worm or virus can elevate privileges, it's not going to be able to install itself as a service unless it puts itself in the startup menu in the user's registry. It really depends what the virus or worm was programmed to do. If it's something like klez which infects executables, then any executables with that user's permission will be infected. Same thing goes for a virus or worm that infects or destroys jpgs or word files. It just depends on what it was programmed to do. And it's going to most likely try to copy itself to the WINNT directory, its subdirectories and the registry BEFORE it propagates itself. And it also depends if the user's profile is mandatory or not. And user's files should be saved to a server and not locally.

Re:Privilege level (5, Informative)

goat_attack (127983) | more than 10 years ago | (#8813485)

Unfortunately many programs and especially games require you have admin access to work, i.e. The Sims (god knows why). Imagine teaching your mother to use one account for installs, and another for her email and browsing, then throw in some stuff that will only work under admin and you'll quickly see where this goes.

This is a much broader problem than merely stupid/lazy users.

Use the RUNAS service (5, Informative)

Gary Destruction (683101) | more than 10 years ago | (#8813528)

The RUNAS service will allow you to run an executable with elevated privileges. And shortcuts have the option to run as a different user by clicking the check box that says, "Run as different user." To use the RUNAS service, just hold down shift and right-click and you'll see an option that says "Run As".

Re:Use the RUNAS service (0)

Anonymous Coward | more than 10 years ago | (#8813538)

> To use the RUNAS service, just hold down shift and right-click and you'll see an option that says "Run As".

What would we ever do without windows to make our lives easier?

Re:Use the RUNAS service (0)

Anonymous Coward | more than 10 years ago | (#8813571)

Shift right-click is the general command. In XP, it's even automatically displayed in the right-click context menu in most cases.

In KDE and GNOME, you can't arbitrarily decide to run a program as a different user. You would either have to modify the entry in the menu editor or drop down to the command line.

Re:Privilege level (4, Insightful)

Anonymous Coward | more than 10 years ago | (#8813518)

> Restricted users don't have write or modify permissions to the WINNT or Program Files directories or subdirectories

Typical stupid techie answer.

Restricted users have write or modify permission on the critical business files and databases. Which are 8 thousand times more important to the business than your average winnt directory.

Get out of your mom's basement.

Re:Privilege level (1)

Gary Destruction (683101) | more than 10 years ago | (#8813566)

You want a techie answer? I'll give you a techie answer. Restricted users don't have write or modify permissions to the WINNT directory, its child objects, or subdirectories due to parent level propagation via NTFS. If restricted users can get to critical business files and databases, then it's the admin and/or DBA admin's fault for not setting the proper privilege levels. And yes, DB's have permissions that can be set.

Windows XP SP2 (5, Informative)

Anonymous Coward | more than 10 years ago | (#8813418)

Although there's no specific patch, the Windows XP SP2 release candidate [microsoft.com] mitigates this problem.

Re:Windows XP SP2 (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8813491)

Cool. Thanks.

Mitigation? (3, Interesting)

Henk Poley (308046) | more than 10 years ago | (#8813567)

Are you sure?

Re:Mitigation? (0)

Anonymous Coward | more than 10 years ago | (#8813586)

Yes. XP SP2 locks down the My Computer IE security zone, which makes it no more dangerous than the Internet Zone, thus mitigating this problem.

I GOT FIRST POST! (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8813422)

The hours of reloading finally paid off. I RULE!

Re:I GOT FIRST POST! (-1, Offtopic)

biet (632569) | more than 10 years ago | (#8813438)

> The hours of reloading finally paid off. I RULE!

Score: -1 Pathetic

I believe... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8813446)

The term is 0wned.

Horrible (5, Funny)

S.I.O. (180787) | more than 10 years ago | (#8813423)

> and no virus definitions for the major scanners

Jesus, even my ScanJet is vulnerable?

Re:Horrible (0)

Anonymous Coward | more than 10 years ago | (#8813529)

You should have gotten an off-brand non-major scanner, I guess. Maybe one of those awful off-brand hand scanners from the 80's.

Does that matter if we don't have IE's exe file? (4, Informative)

d3am0n (664505) | more than 10 years ago | (#8813424)

Most of us here have already modified our systems, knowing that having even the IE exe file or Outlook Express exe file could cause problems, and have removed it (even in spite of the hidden little annoying backup). Remember, to get rid of IE, be sure to look in the folder /windows/system32/dllcache for those backup exe files that it uses to restore when you try and rip IE or Outlook out yourself.

Re:Does that matter if we don't have IE's exe file (4, Interesting)

pe1chl (90186) | more than 10 years ago | (#8813449)

IE's exe file is not very relevant, as it is only a loader for the DLLs that implement the actual functionality.

How else could it be so small?

To really get rid of IE you need to remove the DLL files that it uses, and you will break many other programs in the process. Because they all closely link to each other.

Re:Does that matter if we don't have IE's exe file (1, Informative)

Anonymous Coward | more than 10 years ago | (#8813469)

mshtml.dll for one. Oh and hope that explorer is not broken in the process.

Today? (5, Informative)

Troed (102527) | more than 10 years ago | (#8813426)

They announced this TODAY? It has been discussed on Bugtraq for weeks - and due to a few comments I made in their discussion forum the Swedish IDG.se reported this last Friday. I've also linked to one of the PoC-exploits here on Slashdot for people to check for themselves. ... what took them so long?

Jelmer's PoC is good: link [planet.nl]

(That page is the info page, you won't get hit by clicking on the link directly)

Re:Today? (2, Insightful)

Albanach (527650) | more than 10 years ago | (#8813558)

They clearly discussed the announcement with their international partners - half of Europe are on holiday today, Good Friday and again on Monday.

I'd imagine lots of the IT bods that are still working will have had major work scheduled for this weekend for weeks. Just as well there isn't a patch to be deployed!

Fuck Slashdot (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8813427)

Why does this story submittal sound so hopeless? We all know that a patch is forthcoming. At least it's not affecting a Linux distro. If that was the case, there wouldn't be a fix for months. And in RedHat's case, it would only be for current versions. Not to mention the possibility that the patch would be trojaned. Correct me if I'm wrong, but Windows Update has never been pwn3d. Unlike GNU, Debian, and the many other open sores projects.

old old old (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8813431)

OLD old old old. CowboyNeal = Shit for brains.

Also (-1, Offtopic)

weekendwarrior1980 (768311) | more than 10 years ago | (#8813433)

Microsoft Readies for Software Bootleg Binge

Microsoft Corp. officials on Thursday said the company is investigating the leak of a piece of code that is capable of generating activation keys for Windows Server 2003 and other enterprise products. The tool, known as a key generator, can be used to produce the random alphanumeric keys that are needed to activate the software upon installation. The arrival of the key generator was noted in a posting by Microsoft enthusiast site Neowin.net earlier in the week. However, the group withdrew the listing for an undisclosed reason. More [eweek.com]

Re:Also (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8813489)

Half the news on Neowin.net is about Apple.

Windows users must definitely have the smallest cyberdick size.

start the stopwatch... (5, Insightful)

rapiddescent (572442) | more than 10 years ago | (#8813436)

Now would be a very good time to start the clocks to see how long it takes them to get a patch out. Should be a good case in point for the Forrester research published last week.

rd

Re:start the stopwatch... (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8813448)

Now would? More like a MONTH AGO when there were IRC worms spreading based on this.

Re:start the stopwatch... (-1, Troll)

Debug This (702664) | more than 10 years ago | (#8813536)

Of course, MS's response time of several days absolutely sucks compared to lunix's standard 8-month period.

I wish this site would stop bashing MS and realise that they do a good job. I mean seriously; how obscure is this bug? It's hidden underneath heaps of files and procedures; if I was the programmer responsible I'd be proud of what I had accomplished, if this is the best that the critics could come up with.

Re:start the stopwatch... (0, Troll)

MrLizardo (264289) | more than 10 years ago | (#8813591)

First of all: We're not talking about Lunix vs. Windows! We're talking about Linux vs. Windows. There's a fairly big difference. Linux is a fully featured UNIX clone. Lunix is an OS for the Commodore 64/128. Second: It's been out for 1 month and MS hasn't made an announcement! There are already exploits in the wild before MS admitted this existed! That's kind of a problem. I have no problem that it's there in the first place. It just needs to be fixed sometime before there are already viruses exploiting it.

-Mr. Lizardo
(Responding to Slashdot trolls since 1998)

Re:start the stopwatch... (5, Interesting)

exmsfty (695351) | more than 10 years ago | (#8813545)

Well, the interesting thing to me is I was a contract tester on the HTMLHELP team in 1999...and I filed a bug report for this very exploit. So by my stopwatch we are at 5 years and counting. FWIW, I used this exploit to nuke my boss's computer via the "Goodtimes" virus...yea, it was a hoax, but with this exploit I could run "rd /s/q \winnt" from the Preview Pane of Outlook :) If you care then write ShaneMc@microsoft.com and ask him why it wasn't fixed 5 years ago.

ICMP Nuke (-1, Offtopic)

Scorchen (641292) | more than 10 years ago | (#8813439)

I just wish ICMP Nuke would still work.

MS will fix it I guess (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8813440)

I think MS will fix this one soon because of its impact on the Windows concept as a whole. The help system is a crucial item.

Well, CERT says to disable ActiveX stuff, well, should be easy to fix I guess.

Hope they fix this one soon.

restricted users are nice (1)

spectre_be (664735) | more than 10 years ago | (#8813441)

but besides companies and organizations i think most of the joe average windows users don't take the trouble of configuring their system with restricted users and such. (personally i find it hard to get it all configured right, for one how do i allow restricted users to define shares??)

"By convincing a victim to view an HTML document such as a web page or HTML email message, an attacker could execute script in a different security domain than the one containing the attacker's document." => let's hope outlook blocks scripts or lots of people will be an easy prey thanks to the 'great' preview pane!

i don't think this will be msblast 2 but i do hope antivirs will catch up (which they undoubtedly will)

long live mozilla!

Not a problem... (2, Funny)

Raynach (713366) | more than 10 years ago | (#8813443)

Pfft, using help files for Windows?? And this is /. news??

I'm a man, therefore I use MAN pages when I need help. ;)

Re:Not a problem... (4, Funny)

Rosco P. Coltrane (209368) | more than 10 years ago | (#8813493)

> I'm a man, therefore I use MAN pages when I need help.

Tell me, do you also happen to use gimp?

Pico? (1)

Capt'n Hector (650760) | more than 10 years ago | (#8813580)

What about pico?

Re:Not a problem... (1)

DA-MAN (17442) | more than 10 years ago | (#8813505)

that's right...

Consult the man when you need answers....

Can the help system be disabled (1)

Rosco P. Coltrane (209368) | more than 10 years ago | (#8813462)

If the Windows help thing can be disabled or uninstalled, maybe that exploit won't have anything to exploit.

I don't run Windows, so I don't know much about the help system in it, but what I do know is that the help it gave me was about as useful as fine bone china in a tea party for drunken Parkinson disease sufferers, so uninstalling/disabling it won't be a great loss.

No luck there, I'm sure! (1)

zonix (592337) | more than 10 years ago | (#8813562)

> If the Windows help thing can be disabled or uninstalled, maybe that exploit won't have anything to exploit.

I don't know anything that can be really disabled or uninstalled on Windows. Since it's already mentioned that IE is the default handler for help files, I guess people are out of luck in this regard.

I once wanted to uninstall the games that come preinstalled with Windows. So, I got the relevant registry tweaks from support.microsoft.com to have the games displayed in the "Windows Add/Remove Programs" section. Great! Guess what happened? The shortcuts were removed, and the exe files left in place. That's apparently what Microsoft considers uninstalling to be.

z

Afraid (5, Interesting)

InternationalCow (681980) | more than 10 years ago | (#8813480)

I don't know about the rest of you, but things like these are actually scaring me out of running Windows. Apart from my powerbooks (no problems there) I have one PC laptop on which I run WinXP and Linux and I like to use Windows for its ACPI support, but I'm now constantly afraid that some as yet undescribed security hole will allow someone to screw up my computer/home network. Brrrr. No Windows any longer, I'm sick and tired of being afraid when using my computer.

Re:Afraid (0)

Anonymous Coward | more than 10 years ago | (#8813511)

As long as it's behind a firewall and you don't download suspicious files, you'll be okay. For this specific exploit, avoid .chm files.

Re:Afraid (1)

Halfbaked Plan (769830) | more than 10 years ago | (#8813563)

There are tons of good .chm files in the ebooks binary newsgroups. Hmm, I bet some of them are buggy now...

if you use linux (1, Insightful)

circletimessquare (444983) | more than 10 years ago | (#8813611)

you will be afraid too

and being afraid is a GOOD thing

it makes you vigilant

there is no system out there that is 100% virus proof

so don't make excuses to lull yourself into a false sense of security

always be vigilant, and you will minimize your risk of being infected

it will never be 0, no matter what os you use, no matter what you do

Is Mozilla vulnerable ? (0)

S3D (745318) | more than 10 years ago | (#8813482)

Can anyone explain to me, how can Mozilla invoke IE without me explicitly permitting it, and if there are any settings for Mozilla to prevent it?

Re:Is Mozilla vulnerable ? (2, Informative)

rinusnl34 (757361) | more than 10 years ago | (#8813537)

I checked the link from the poster above, and it did not seem to do anything on Mozilla 1.7B

It's not (3, Informative)

respite (320388) | more than 10 years ago | (#8813539)

There is a proof of concept page here [planet.nl]. Neither Mozilla nor Firefox are susceptible.

I know, I know.. (-1, Troll)

pantycrickets (694774) | more than 10 years ago | (#8813487)

I know I'm going to get modded down. And that's fine. But really.. a vulnerability in the Help Subsystem? There have been remote exploits in SSH, SMTP, WUFTP, Telnetd, Apache, and every other Linux program that accepts connections. Where are the blaring headlines? The super-critical replies?

I know there have been stories.. but still. This is pretty insignificant. Why can't you mod article submissions? This might be modded down as flame bait.

Re:I know, I know.. (0)

Anonymous Coward | more than 10 years ago | (#8813519)

Follow the link, read the report, then come back and tell us why this might be important.

Re:I know, I know.. (1)

arpy (587497) | more than 10 years ago | (#8813544)

I couldn't care less whether you are modded up as insightful or modded down as troll (and I know which I'd do). /. quite frequently reports on vulnerabilities in free & open source software - and of course these articles receive a bunch of trollish replies along the lines of "who cares" and "why's this news".

Re:I know, I know.. (5, Insightful)

heironymouscoward (683461) | more than 10 years ago | (#8813559)

At the risk of replying to a Microsoft troll, this is not a "pretty insignificant" story.

Errors in server-side applications are rapidly fixed by serious system administrators and at the worst they provide attackers a way into unprotected systems. How many computers around the world are currently infected or zombied thanks to holes in any of the programs you cited? Almost zero.

Security holes in client-side applications (MSIE, Outlook, primarily) are a totally different story. These programs are mainly used by people who don't have the capacity to protect their systems. And the results are clear: millions of PCs infected by everything from viruses to worms and spywares, used as platforms to launch DDoS attacks, to send spam, to steal information...

There is a real security problem on the Internet, one that is making a joke of the "information highway", and it's almost entirely caused by vulnerabilities like the one reported here.

Until the market leader realizes that its users need serious protection from the malicious forces who roam the Internet, no amount of criticism is too much. And, if you really want to support and defend Microsoft, you should be adding your voice, because it is this issue - its failure to provide its users with a safe platform - which will be its downfall.

"Microsoft = insecure" is an association that should be sending shivers down the backs of those marketing managers trying to bomb the web with billions of Microsoft adverts.

Workaround (5, Informative)

KingRob (698441) | more than 10 years ago | (#8813494)

Remember to back up your registry (or at least this portion of it)
From the CERT article:

Currently, there is no complete solution for this vulnerability. Until a patch is available, consider the workarounds listed below.

Disable ITS protocol handlers
Disabling ITS protocol handlers appears to prevent exploitation of this vulnerability. Delete or rename the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\{ms-its,ms-itss,its,mk}
Disabling these protocol handlers will significantly reduce the functionality of the Windows Help system and may have other unintended consequences. Plan to undo these changes after patches have been tested and installed.

Follow good Internet security practices
These recommended security practices will help to reduce exposure to attacks and mitigate the impact of cross-domain vulnerabilities.

Disable Active scripting and ActiveX controls

NOTE: Disabling Active scripting and ActiveX controls will not prevent the exploitation of this vulnerability.

Disabling Active scripting and ActiveX controls in the Internet and Local Machine Zones may stop certain types of attacks and will prevent exploitation of different cross-domain vulnerabilities. Disable Active scripting and ActiveX controls in any zones used to read HTML email.

Disabling Active scripting and ActiveX controls in the Local Machine Zone will prevent malicious code that requires Active scripting and ActiveX controls from running. Changing these settings may reduce the functionality of scripts, applets, Windows components, or other applications. See Microsoft Knowledge Base Article 833633 for detailed information about security settings for the Local Machine Zone. Note that Service Pack 2 for Windows XP includes these changes.

Do not follow unsolicited links
Do not click on unsolicited URLs received in email, instant messages, web forums, or Internet relay chat (IRC) channels.

Maintain updated anti-virus software
Anti-virus software with updated virus definitions may identify and prevent some exploit attempts. Variations of exploits or attack vectors may not be detected. Do not rely solely on anti-virus software to defend against this vulnerability. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page.

ANOTHER... (-1, Redundant)

igloo-x (642751) | more than 10 years ago | (#8813500)

... flaw?

when will people realize? [linux.org]

Re:ANOTHER... (0)

Anonymous Coward | more than 10 years ago | (#8813555)

Well, how secure is GNU/Linux then???

Most programmers are sloppy, hence they leave buffer exploitable code in their releases and other stuff too.

From a security standpoint, GNU/Linux is less safe than Micro-soft stuff, but Micro-soft blows its own advantage by releasing their software too early, which of course contains bugs.

This is not flamebait, I'm just a Computer engineer who happens to be concerned about security, and right now there is no secure product at all. ...

CERT Solution (4, Informative)

nuffle (540687) | more than 10 years ago | (#8813506)

the CERT article has the following to say about the solution.
Currently, there is no complete solution for this vulnerability. Until a patch is available, consider the workarounds listed below.


Disable ITS protocol handlers

Disabling ITS protocol handlers appears to prevent exploitation of this vulnerability. Delete or rename the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\{ms-its,ms-itss,its,mk}

Disabling these protocol handlers will significantly reduce the functionality of the Windows Help system and may have other unintended consequences. Plan to undo these changes after patches have been tested and installed.

Is Mozilla on Win32 vulnerable ? (0)

Anonymous Coward | more than 10 years ago | (#8813507)

Does this require exterminating IE completely off the machine to fix ?

Windows is dying (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8813531)

It is official; Netcraft confirms: Windows is dying

One more crippling bombshell hit the already beleaguered Windows community when IDC confirmed that Windows market share has dropped yet again, now down to less than a fraction of 100 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that Windows has lost more market share, this news serves to reinforce what we've known all along. Windows is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.


You don't need to be a Kreskin [amdest.com] to predict Windows' future. The handwriting is on the wall: Windows faces a bleak future. In fact there won't be any future at all for Windows because Windows is dying. Things are looking very bad for Windows. As many of us are already aware, Windows continues to lose market share. Red ink flows like a river of blood.


Windows XP is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time Windows XP developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: Windows XP is dying.


Let's keep to the facts and look at the numbers.


Microsoft CEO Bill Gates states that there are 7000000 users of Windows. How many users of Windows 2000 are there? Let's see. The number of Windows XP versus Windows 2000 posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000000/5 = 1400000 Windows 2000 users. Windows2000/DOS posts on Usenet are about half of the volume of Windows 98 posts. Therefore there are about 700000 users of Windows 98. A recent article put Windows XP at about 80 percent of the Windows market. Therefore there are (7000000+1400000+700000)*4 = 36400000 Windows XP users. This is consistent with the number of Windows XP Usenet posts.


Due to the troubles of SCO, abysmal sales and so on, Windows XP development unit went out of business and was taken over by Apple who sell another troubled OS.


All major surveys show that Windows has steadily declined in market share. Windows is very sick and its long term survival prospects are very dim. If Windows is to survive at all it will be among OS dilettante dabblers. Windows continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, Windows is dead.


Fact: Windows is dying

irc (1, Informative)

Anonymous Coward | more than 10 years ago | (#8813547)

trojan viruses have been in the wild for at least a week, probably more, you get infected by visiting a website (with IE of course) and then it spams URLs of the trojan via mIRC.. the process is something like wsz32.exe or nosc32.exe (in %windir%\system32\)

This is point in fact... (5, Insightful)

tuxlove (316502) | more than 10 years ago | (#8813548)

... that not publishing vulnerabilities doesn't stop exploits. This one had exploits long before the vulnerability was known to anyone but the hackers. I have to laugh every time MS whines about how problems would go away if vulnerabilities were never disclosed, except to the vendor of course. The only thing that might go away is the bad PR, if even that.

well (5, Funny)

circletimessquare (444983) | more than 10 years ago | (#8813569)

i loaded up ie, went help... contents and index... search... and typed in "help subsystem vulnerable" and hit list topics

a pop up box announced "no topics found"

so what is everyone talking about? this doesn't seem to be a problem

mean trick (4, Funny)

Ruliz Galaxor (568498) | more than 10 years ago | (#8813575)

this is probably some kind of mean trick from mister Linus to discourage the use of Windows. I don't believe in this vulnera...

hey, where did my files go?

Administrators: quick fix (5, Informative)

AnonymousDot (517935) | more than 10 years ago | (#8813578)

Create a .REG file with this content:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\its]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss]
Remove the spaces that slashcode adds!

Save it as chm-disable.reg
Put a line like this in your logon script:
regedit /s chm-disable.reg
Use the same trick to restore the values when a patch is available (that means that you must save the HANDLER keys first).
Note: If you're still using batch files: KiXtart is your friend!

Re:Administrators: quick fix (0)

Anonymous Coward | more than 10 years ago | (#8813609)

I'm preferential to JScript + WSH.

Re:Administrators: quick fix (0)

Anonymous Coward | more than 10 years ago | (#8813618)

hey thanks, how do i save the original keys ?
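One way to handle the "save the HANDLER keys first" step from the quick fix above, as an added example that is not part of any post in this thread: it exports the four handler keys named in the quoted CERT workaround, deletes a key only when its backup exists, and can re-import the backups later. It is written in PowerShell, which postdates this discussion; the backup folder name and the function names are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Handler names and registry path are the ones quoted from the CERT workaround;
# $BackupDir is an assumed location, change it to suit.
$HandlerRoot = 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler'
$Handlers    = 'ms-its', 'ms-itss', 'its', 'mk'
$BackupDir   = Join-Path $env:SystemDrive 'its-handler-backup'

function Backup-ItsHandlers {
    # Export each handler key that exists to its own .reg file.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($name in $Handlers) {
        if (-not (Test-Path "$HandlerRoot\$name")) {
            Write-Warning "$name handler not present, nothing to back up"
            continue
        }
        $file = Join-Path $BackupDir "$name.reg"
        # reg.exe wants the HKLM\... form, without the PowerShell drive colon.
        $key  = "HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\$name"
        & reg.exe export $key $file /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
            throw "Export of $key failed; not safe to continue"
        }
    }
}

function Disable-ItsHandlers {
    # Delete a handler key only when its backup file is already on disk.
    foreach ($name in $Handlers) {
        $path = "$HandlerRoot\$name"
        if (-not (Test-Path $path)) { continue }
        if (-not (Test-Path (Join-Path $BackupDir "$name.reg"))) {
            throw "No backup for $name; refusing to delete $path"
        }
        Remove-Item -Path $path -Recurse -Force
    }
}

function Restore-ItsHandlers {
    # Re-import every saved key once the patch has been tested and installed.
    Get-ChildItem -Path $BackupDir -Filter '*.reg' | ForEach-Object {
        & reg.exe import $_.FullName
        if ($LASTEXITCODE -ne 0) { Write-Warning "Import failed: $($_.FullName)" }
    }
}

Backup-ItsHandlers
Disable-ItsHandlers
```

Call Restore-ItsHandlers from the same script to undo the change; keep the backup folder somewhere users cannot write to, since its contents are imported into HKEY_LOCAL_MACHINE.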

Going to be!? (1, Funny)

shad0w47 (261033) | more than 10 years ago | (#8813584)

It seems that this is going to be an ugly one. I always already thought this IE thingy was an ugly one, even without this bug?

I wonder... (3, Funny)

Ruliz Galaxor (568498) | more than 10 years ago | (#8813593)

how to format my harddisk. Maybe Windows-help can provide me with some support. *clickety-click*

sig(h)

WAIT!!! (3, Funny)

The Ancients (626689) | more than 10 years ago | (#8813597)

we haven't finished talking about the OS X security hole. Damn MS always has to get market dominance in everything they do...

I've fixed it ! (0)

Anonymous Coward | more than 10 years ago | (#8813614)


yeah you wish, if i knew what was wrong i couldn't fix it myself, thanks Bill !

ie rants (4, Interesting)

bmac (51623) | more than 10 years ago | (#8813625)

I use a "custom level" for my internet zone. I basically turn off *everything*. I don't need java, and "active scripting" should be re-worded to say "give web pages access to God-knows-what?".

Besides, I really despise the "AppletTransition Sensor" that ESPN and other sites use. Screw 'em. Just give me the dang HTML and, please, IE, just render it for me. No code, no scripts, no popups, no crap.

Websites that require JavaScript piss me off. The stupid Washington Post can't even render a page without JavaScript. What a terd.

Now, if only I could get IE to stop displaying the "Your browser doesn't allow ActiveX controls" message that pops up on pages where the designer used some crap control. I've made ActiveX controls and I *know* they can do anything they want on my system. Arg.

And wtf is with "install desktop items"? This is a *web* *browser*, not the control panel, for crying out loud.

And, last but not least, when I disable all this crap and then hit apply, it gives me a confirm warning message, but when I (because I need to use JavaScript on some crappy page) restore the default "cheap-whore-mode" settings, it doesn't say a word! Nice emphasis, Microsoft.

Yeah, I know, use a different browser (or OS), but we all know Windows is *designed* to not interoperate well with those things, right? Sometimes, it wastes time to try to fight inertia.

Anyhow, my feeling is that the desktop situation on Linux and BSD won't be solved until X is ditched completely. Just give me the dang screen buffer(s) and some basic routines and I'll draw my own shtuff. X is a 25-year-old terd, designed for machines with, like, 4k of memory (warning: hyperbole). Just give me font, line, point, ellipse, bitblt and friggin window data structures -- straight to the video card. And access to the video card reg's would be nice too.

End of Rant, enjoy your day.

Peace & Blessings,
bmac