
The Evil Empire
Information about Microsoft, bugs, security holes, and dirty business tactics.
Updated irregularly (about once per week)


July 23, 2004

More security problems in Internet Explorer

Only a few days after Microsoft patched its Internet Explorer browser to close some security leaks, more problems have been discovered:

A bug in the browser's drag-and-drop handling can allow malicious code to be installed on the computer. This problem is aggravated by the fact that mouse clicks can be "hijacked" to make the browser believe that such a drag-and-drop action has been performed. Additionally, a problem in IE's method cache can confuse security checks and allow software installation that would otherwise be blocked. More... [Der Standard]

Posted by Horst at 02:05 PM

July 14, 2004

Windows XP: Surviving the first day

Since its release, a number of severe security vulnerabilities have been discovered in Windows XP. These vulnerabilities are used by worms and viruses, making it impossible to connect an unsecured, unpatched system to the Internet for any amount of time without risking exposure and infection. Users of new computers are faced with the dilemma of being infected by these worms before being able to download the necessary patches.

This guide will show how to install Windows XP securely, without being infected by these worms during the patching process. Download... [SANS]

Posted by Horst at 06:48 PM

Microsoft Internet Explorer Multiple Vulnerabilities

Paul has reported some vulnerabilities in Internet Explorer, allowing malicious people to bypass security restrictions and potentially compromise a vulnerable system.

1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.

2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".

3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.

4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows. More... [Secunia]

Posted by Horst at 06:45 PM

July 13, 2004

Microsoft issues seven security patches, two critical

Microsoft this week released seven security patches covering a wide array of the company's products. Two of those patches fix holes that Microsoft deemed "critical" and warned could allow remote attackers to take control of vulnerable Windows systems.

The software updates include fixes for previously unknown holes in Windows, including critical holes in the Windows Task Manager and HTML help features. The company also published a patch for a recent, publicly disclosed hole in the Windows Shell application programming interface (Shell API) and fixed a hole in older versions of the Internet Information Services (IIS) web server that one expert said is well-suited for use in an Internet worm. More... [Computerworld]

Posted by Horst at 06:53 PM

July 09, 2004

Unpicking Microsoft's patchwork

Keeping your system safe means making sure you have all the latest updates installed - but sometimes Microsoft doesn't make it easy to do. After the Download.Ject attack, Microsoft on Friday released a "configuration change" it wants people to apply to installations of the Windows XP, Windows Server 2003 and Windows 2000 operating systems.

But the latest episode also points at the time constraints of dealing with malicious code. Crucial days -- if not hours -- can elapse between the moment vulnerabilities surface on the Internet and the time vendors get around to releasing patches and configuration changes.

In this case, Microsoft said the configuration change is "currently available" on the company's Web site and would be made available later in the day on Windows Update. But clicking the link will lead to a page that offers not a clue about where to find the fix that Microsoft says is there. The site lists popular downloads and even featured downloads. But nowhere is something that says, "If you've come here for the download that protects you against Download.Ject, click here!" More... [ZDNet]

Posted by Horst at 10:22 PM

July 06, 2004

Microsoft's browser dominance at risk as experts warn of security holes

Its curved blue "e" sits on almost every computer desktop in the world, but the global dominance of Microsoft's web browser could soon be over following a stark security warning from a senior panel of internet experts who say it opens the door to online criminals.

They are urging all users of Internet Explorer (IE) to stop using the browser because they say it is vulnerable to hackers and credit card fraudsters.

The alert, from the US Computer Emergency Response Team, comes as a blow to the global giant Microsoft, which has fought successfully to retain its dominance of the browser market - 95 per cent of internet surfers currently use IE. More... [The Independent]

Posted by Horst at 10:25 PM

July 01, 2004

Internet Explorer Frame Injection Vulnerability

Mark Laurence has discovered a 6-year-old vulnerability in [the current version of] Microsoft Internet Explorer, allowing malicious people to spoof the content of websites. The problem is that Internet Explorer doesn't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

This vulnerability is similar to an old vulnerability fixed by MS98-020 in Internet Explorer version 3 and 4. It has been confirmed in a fully patched Internet Explorer 6 running on Microsoft Windows XP. Other versions of Internet Explorer may also be affected. More... [Secunia]

Posted by Horst at 02:23 PM

New scam targets bank customers

On June 24th, a visitor to the SANS Internet Storm Center reported that his company was "in the middle of a very disturbing ... issue regarding the adware/spyware/IE exploit genre..." The victim of the attack found that a file called "img1big.gif" had been loaded onto their machine. Because of the account restrictions on the person running the machine, it had failed to install properly, which was why it had come to their attention.

The file is not a graphic file at all. It is actually a Win32 executable. The first portion of the file is a "file dropper" Trojan, designed to install any executable concatenated to its body. The second half of the file consists of a Win32 DLL that is installed by the file dropper under Windows XP as a randomly named .dll file. This DLL is installed as a "Browser Helper Object" (BHO) under Internet Explorer.

This particular BHO watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries. When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. It then sends the data to a specific URI. More... [SANS]
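A triage check for the file layout described above, as an added example that is not part of the original post or the SANS write-up: it flags a file whose image extension does not match its leading bytes, recognizes a PE header, and reports any further PE image appended to the body. The function names and the stub sample bytes are constructed for illustration; the sample contains headers only, no code.

```python
import struct

# Leading magic bytes for common image formats, mapped to the expected extension.
IMAGE_MAGIC = {b"GIF87a": ".gif", b"GIF89a": ".gif",
               b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on DLLs

def pe_offset(data, base=0):
    """Offset of the 'PE\\0\\0' signature if a PE image starts at base, else None."""
    if data[base:base + 2] != b"MZ" or len(data) < base + 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    return pe if data[pe:pe + 4] == b"PE\0\0" else None

def is_dll(data, pe):
    """Read Characteristics (22 bytes past the PE signature) and test the DLL bit."""
    if len(data) < pe + 24:
        return False
    return bool(struct.unpack_from("<H", data, pe + 22)[0] & IMAGE_FILE_DLL)

def inspect(name, data):
    """Compare a file's name with its content and look for appended PE images."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    sniffed = next((e for m, e in IMAGE_MAGIC.items() if data.startswith(m)), None)
    report = {"mismatch": ext in IMAGE_MAGIC.values() and sniffed != ext,
              "pe": pe_offset(data) is not None, "dll": False, "embedded": []}
    if report["pe"]:
        report["dll"] = is_dll(data, pe_offset(data))
    pos = data.find(b"MZ", 1)
    while pos != -1:  # every later MZ that leads to a valid PE signature
        inner = pe_offset(data, pos)
        if inner is not None:
            report["embedded"].append((pos, is_dll(data, inner)))
        pos = data.find(b"MZ", pos + 1)
    return report

def make_stub_pe(characteristics):
    """Constructed test input: DOS header + PE signature + COFF header, no code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff

# Constructed sample shaped like the description: an EXE with a DLL appended.
SAMPLE = make_stub_pe(0x0102) + make_stub_pe(0x2102)

if __name__ == "__main__":
    print(inspect("img1big.gif", SAMPLE))
    print(inspect("logo.gif", b"GIF89a" + b"\0" * 32))
```

The header checks are a heuristic for sorting suspicious downloads, not a full PE validator; a hit on `mismatch` together with `embedded` is the pattern worth escalating.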

Posted by Horst at 12:19 AM
© Copyright 1999-2004 Horst Prillinger
