Had fun with this today...(computer security issue)

gadget_lover

Yeah there was an alert out about that one yesterday.

I almost forgot about it till I realized my wife spends hours each day on the web using a Windows PC.

Has it screwed up systems you are responsible for, Jumpmaster?



Daniel
 

Jumpmaster

gadget_lover said:
Has it screwed up systems you are responsible for, Jumpmaster?

I'll find out Monday. :)

I was helping a friend with problems with this today...it completely screwed up several critical systems there.

JM-99
 

idleprocess

Here's (some of) what MSFT has to say about it:
Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

It looks like one can be compromised via a website without having to download anything. The exploit will have the same permissions as the local user - so don't be logging in as root, like you've always been taught!

I always knew that Comet Cursor and its ilk were out to get me!
 

cerbie

idleprocess said:
Here's (some of) what MSFT has to say about it:

It looks like one can be compromised via a website without having to download anything.
You are downloading and opening files when you visit a website. Your web browser figures out, by the type and context of the files, what it should do with them. If it can't tell, you're given that save as dialog. But just because you don't get that doesn't mean the same underlying process is not happening. It is.

From the BBC:
"Security firms said users can stay safe from this vulnerability by using an alternative browser, such as Opera or Firefox 2.0, with Windows. Also protected are those using Windows Vista with Internet Explorer 7.0."

From what I read, IE7 must be in protected mode, too. So, another case of being pretty safe without having to work at it (if you primarily use IE on your home machine...well, switch to something else, ASAP! This isn't the first, and won't be the last time!). It's businesses using whole MS systems, and thus being tied to IE, that are going to be nailed by this. Even with perimeter security in place, this can get by with a user that's used to IE going to browse the web.
 

idleprocess

cerbie said:
You are downloading and opening files when you visit a website. Your web browser figures out, by the type and context of the files, what it should do with them. If it can't tell, you're given that save as dialog. But just because you don't get that doesn't mean the same underlying process is not happening. It is.

[sigh]

Of course you're downloading files when you open a website. Any embedded/referenced page element is executed if the browser knows what to do with it - HTML, images, scripts, plug-ins, etc. The trick seems to be that this exploit is automatically executed by many browsers as an embedded or referenced file. For many file types, saving it to disk is a desirable default action.

A large percentage of web exploits require the user to do something - download and execute a file, give some script permissions, install a malicious plug-in, etc. This doesn't, so it's a much bigger problem. Way to go, Microsoft.
 

PhotonWrangler

I only use IE when I absolutely have to in order to access a website that was created by MS tunnelheads. While that leaves my penetrability at something less than zero, it's close enough for practical purposes.

Now if we could only convince more webmasters to code for multiple browsers...
 

matrixshaman

Just another reason I've used Opera as a browser for many years. It is not based on the Internet Explorer engine as so many others are. That and NAT and a fine-tuned firewall and up-to-date virus protection are all necessary things. I ran my browser on the 'Test' page and it did NOT crash as IE would if unpatched.
 