The Evil Empire
Information about Microsoft, bugs, security holes, and dirty business tactics.
Updated irregularly (about once per week)

Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise

Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible. Through the joint effort of Michael Evanchik and Paul from Greyhats Security, a very critical vulnerability has been developed that can compromise a user's system without the need for user interaction besides visiting the malicious page. The vulnerability is not actually a vulnerability in itself, but rather it is uses multiple known holes in SP2 including Help ActiveX Control Related Topics Zone Security Bypass Vulnerability and Help ActiveX Control Related Topics Cross Site Scripting Vulnerability. More... [Greyhats Security]

Vier neue Sicherheitslücken in Windows aufgedeckt

Die Spezialisten des chinesischen Sicherheitsdienstleisters Venustech haben drei Advisorys zu vier Schwachstellen in Windows veröffentlicht. Angreifer können mit manipulierten Dateien, Web-Seiten und Bildern einen Rechner zum Absturz bringen oder Code einschleusen und ausführen. Dazu sind auch bereits Proof-of-Concept-Exploits verfügbar. Der Zeitpunkt der Veröffentlichung ist denkbar ungünstig, da auch Administratoren und Sicherheitsexperten in der Regel über die Weihnachtsfeiertage Urlaub haben. Weiterlesen... [heise.de]

Exploits released for new Windows flaws

A Chinese security group has released sample code to exploit two new unpatched flaws in Microsoft Windows. The advisory comes in the week before Christmas, a time when many companies and home users are least prepared to deal with the problems. Security firm Symantec warned its clients of the vulnerabilities on Thursday, after the Chinese company that found the flaws published them to the Internet.

One vulnerability, in the operating system's LoadImage function, could enable an attacker to compromise a victim's PC when the computer displays a specially crafted image placed on a Web site or in an e-mail. The other vulnerability, in the Windows Help program, likewise could affect any program that opens a Help file. Because the flaws are in a library used by Windows programs, almost all browsers and e-mail clients are likely affected by the flaws, said Alfred Huger, senior director of engineering at Symantec. More... [CNet News.com]

Researchers warn of multiple unpatched Windows holes

Antivirus company Symantec Corp. warned its customers about a number of critical holes in Microsoft Corp.'s Windows operating system that surfaced late yesterday and that could make Windows systems vulnerable to compromise by remote attackers.

Symantec acted after security researchers published the details of the heap overflow vulnerabilities in messages posted to online security news groups Thursday, including the Bugtraq mailing list, and on xfocus.net. The flaws affect most supported versions of Windows, but Microsoft has not yet issued a patch for the newly disclosed holes. Windows users are vulnerable to Internet based attacks until patches are issued, Symantec said. More... [ComputerWorld]

Merry Christmas!

The future of this weblog

I have been thinking about retiring this weblog at the end of this year. At about 25-30 readers per day, its performance is not exactly stellar, and over the past few months, my interest in maintaining it has been fading slowly. The original idea when I started it five years ago was to document the unreliability of Microsoft's products and their dirty business tactics for later reference. In the meantime, both have become common knowledge, so I'm not sure whether my service is really needed any longer. On the other hand, I somehow can't let go, and I'm sure that if something nasty happens in Redmond, I'll definitely be writing about it. So I'm at a loss here. I don't want to invest much time in it, but I don't want to abandon it either. So please, would anybody who thinks this is a valuable service please speak up now to give me a rough idea whether it's worth continuing.

With Non-Critical Bugs Like These, Who Needs the Real Thing?

Larry Seltzer: 'After Microsoft's early warning indicated that the five vulnerability disclosures this week would be no more than "Important"—as opposed to "Critical"—I figured no biggie, I went out for the day. Well, if this is what Microsoft doesn't call "Critical" then their standards have changed. MS04-045—known far and wide as the WINS bug—is the worst example of this.' More... [eWeek]

Spyware still hijacking Internet Explorer

Anti-spyware companies have warned users to be aware of a malicious program that hijacks Web searches and disables security settings in the Internet Explorer (IE) browser. According to anti-spyware company Webroot on Tuesday, spyware program CoolWebSearch self-installs malicious HTML applications and exploits security flaws in IE.

"This has vexed all of us," said Nick Lewis, managing director of Webroot. "For consumers, CoolWebSearch is probably on of the most vicious programs in terms of how nasty it is. It completely hijacks the browser so you can't do anything."

Webroot recommends that users should install Microsoft security patches and disable downloads via ActiveX in Internet Explorer. More... [ZDNet]

Internet Explorer Becomes more Unsafe - Microsoft Please Help

The Recent finding points at a very sensitive risk for the E commerce websites where in the fake websites can show the Same Address in the URL Bar of the Internet Explorer as that of your most trusted website, While you will be surfing the website of a fake internet merchant, who might take away your sensitive information like Credit Card Number.

The vulnerability lets an attacker display any website while the address bar in IE will display a trusted web address, for example www.drugstore.com/, and even show the icon indicating SSL (Secure Socket Layer) security, security researchers warned.

The issue could result in more sophisticated phishing scams, a prevalent type of online attack that typically combines spam e-mail messages and web pages that look like legitimate e-commerce sites to steal sensitive information such as user names, passwords and credit card numbers. More... [Express Newsline]

Yet another serious Explorer hole

A new Explorer hole will make online scam artists lives even easier, by allowing them to make a fake website look more like the real thing than ever before.

The vulnerability lets an attacker display any website they wish while Explorer's address bar displays a trusted Web address, even with the security SSL icon displayed. It could result in more sophisticated phishing scams, where spam and Web pages that look like legitimate e-commerce sites are used to steal sensitive information such as user names, passwords and credit card numbers. More... [TechWorld]

Zero-Day Exploit of CHM Vulnerability in Internet Explorer

As you surf the Web, and particularly when deciding whether or not to click on that URL link in the spam email message you just received about the lowest mortgage rates ever or how you can buy Viagra cheap from Canada over the Internet- beware that there is a new vulnerability in Internet Explorer for which exploit code already exists.

This seems to be another variation of some previous vulnerabilities regarding MHTML in Internet Explorer. This one uses the MS-ITS InfoTech Protocol to force redirection of MHTML. Exploiting this vulnerability is believed to allow the attacker to execute code on the target machine in the context of Local Zone which generally has much less restrictive security settings. More... [About.com]

Microsoft Still Coy On Critical Bug In Windows XP SP2

Although Microsoft issued five security bulletins Tuesday as part of its regularly-scheduled patch process, another touted as "Critical" and specific to Windows XP SP2 generally slipped under the radar, and the company still isn't saying much about it.

The fix to Windows XP Service Pack 2's (SP2) bundled firewall was outlined in a Knowledgebase article, but not mentioned in any of the security bulletins. Microsoft labeled it a "Critical" vulnerability, which is the most dire of its four security warnings. None of the flaws disclosed Tuesday were rated higher than "Important," the second-highest alert.

According to Microsoft's advisory, "after you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

Oops. That could pose a problem for some users, needless to say. More... [InformationWeek]

Microsoft ends year with critical security alert

Microsoft has released its last regular security update of the year which includes five new patches, all rated 'important', and the reissue of a 'critical' patch after extensive revisions.

Patch 28 fixes a buffer overrun vulnerability in the software that handles JPEG files in Outlook, IE6, Windows XP, Server 2003, .Net 1.0 SP2 and .Net 1.1. Users are advised to download the patch and install it immediately.

Windows XP SP2 users are not immune, as three of the patches are needed on their systems. All Windows PC and server operating systems are affected by the updates. More... [Computeractive]

Microsoft Internet Explorer FTP Command Injection Vulnerability

Albert Puigsech Galicia has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to conduct FTP command injection attacks. The vulnerability is caused due to insufficient input validation of FTP URIs. This can be exploited by e.g. a malicious website to inject arbitrary FTP commands in a FTP session using a specially crafted pathname containing "%0A" characters. More... [Secunia]

Vulnerability allows scammers to hijack pop-ups

Security researchers warned this week of a vulnerability in most Web browsers which could potentially allow scammers to launch phishing attacks from pop-up windows on trusted Web sites. The vulnerability arises when an Internet user opens browser windows for both a legitimate Web site and a malicious site at the same time. Because of an old functionality that exists in most browsers, the malicious site can potentially display information in a pop-up window from the trusted site, according to Secunia Research. More... [The Industry Standard]

Microsoft Internet Explorer Window Injection Vulnerability

Secunia Research has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. More... [Secunia]

Microsoft Issues Internet Explorer Security Update

A critical flaw in Microsoft Corp.'s Internet Explorer Web browser could allow a hacker to take control of a computer, the world's largest software maker said on Wednesday. Microsoft, which issued the security bulletin outside of its regular monthly security update cycle, said that the software flaw can be fixed by downloading a software patch at its Web site www.microsoft.com/security.

Microsoft warned that a hacker could design a Web page that could take advantage of the flaw in Internet Explorer, allowing a malicious software writer to take control, steal or erase data from a computer. More... [Reuters]