|
-
June 15th, 2006, 01:02 AM
#1
 No Fix for Critical Windows 98, Me Flaw
-
June 15th, 2006, 05:25 AM
#2
-
June 15th, 2006, 10:21 AM
#3
Excerpts from other related various articles and bulletins ...
Microsoft Technet > Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
http://www.microsoft.com/technet/sec.../MS06-015.mspx
Affected Software:- ...
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.
Executive Summary: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately. Frequently asked questions (FAQ) related to this security updateIf Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineer a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.
Microsoft strongly recommends that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which is filtering traffic on TCP Port 139. Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall, as discussed in the workarounds section below.
Will Microsoft issue security updates for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) sometime in the future?
Microsoft has extensively investigated an engineering solution for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). We have found that these architectures will not support a fix for this issue now or in the future. Workarounds for Windows Shell Vulnerability - CVE-2006-0012:Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Disable the Web Client service
Disabling the Web Client service will help protect the affected system from attempts to exploit this vulnerability. To disable the Web Client service, follow these steps: - Click Start, and then click Control Panel. Alternatively, point to Settings, and then click Control Panel.
- Double-click Administrative Tools.
- Double-click Services.
- Double-click WebClient.
- In the Startup type list, click Disabled.
- Click Stop, and then click OK.
You can also stop and disable the Web Client service by using the following command at the command prompt:
Code:
sc stop WebClient & sc config WebClient start= disabled
Use the Group Policy settings to disable the WebClient service on all affected systems that do not require this feature.
Because the Web Client service is a possible attack vector, disable the service by using the Group Policy settings. You can disable the startup of this service at either the local, site, domain, or organizational-unit level by using Group Policy object functionality in Windows 2000 domain environments or in Windows Server 2003 domain environments.
Block TCP ports 139 and 445 at the firewall:
Although WebDAV uses TCP port 80 for outbound communication, TCP ports 139 and 445 can be used outbound to attempt to connect to a malicious service and try to exploit this vulnerability. Blocking them at the firewall can help prevent systems that are behind that firewall from attempts to exploit this vulnerability. We recommend that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about ports, visit the following Web site.
Internet Security Systems > Research > X-Force Database > X-Force Database Results
Microsoft Windows Explorer COM object code execution
http://xforce.iss.net/xforce/xfdb/25554
win-explorer-com-code-execution (25554)
Microsoft Windows Explorer could allow a remote attacker to execute arbitrary code and take complete control over a victim's system, caused by a vulnerability regarding the handling of folders that have the same GUID as a COM object. An attacker could exploit this vulnerability by persuading a victim to visit a malicious Web site or open a malicious email attachment.
Microsoft Windows Explorer Remote Code Execution Vulnerability (MS06-015)
http://www.frsirt.com/english/advisories/2006/1320
Advisory ID : FrSIRT/ADV-2006-1320
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to an error in Windows Explorer that does not properly handle certain COM objects, which could be exploited by remote attackers to execute arbitrary commands by convincing a user to visit a web page that could force a connection to a remote file server containing specially crafted files and directories that invoke malicious code.
No Fix for Critical Windows 98, Me Flaw
http://www.betanews.com/article/No_F...law/1149873723
... Microsoft could be leaving millions of computers at risk to attack. "It's surprising how many consumers or businesses still use these older versions, particularly Windows 98. Their continued use partly accounts for an extension of support for about an additional 18 months--from January 2004 to July 2006," Jupiter Research (a division of Jupitermedia Corporation) senior analyst Joe Wilcox told BetaNews.
"Our surveys show that, among consumer households, most older Windows versions run on second or third PCs, and I expect many to remain in use even after security support ends."
More like this: http://www.google.com/search?hl=en&l...22&sa=N&tab=nw
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
