Date: Thu, 21 Aug 2003 19:34:01 -0400
From: Richard Forno rforno@infowarrior.org
To: declan@well.com
Subject: Some yukks for you - and Politech if you like
The Microsoft Security Bulletin they -=should=- issue, but won't. :) Was a
long night, and I figured what better way to calm down than to write
something humorous.
If you like it, feel free to pass to Politech. If not, trash it. Figured
with the net problems these days, a little bit of reality-based humor might
help....
-rick
Infowarrior.org
-----------------------------------------------------------------
Title: Ongoing Compromises of the Windows Operating Environment
Date: 20 August 2003
Software:
- Microsoft Windows 3.1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows SE
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 Server
- Microsoft Windows XP
- Microsoft Windows Server 2003
Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS02-0401 (REVISED)
Microsoft encourages customers to review Security Information at:
http://www.microsoft.com/security
on a regular basis, and subscribe to CERT/CC bulletins at
http://www.cert.org.
-----------------------------------------------------------------
Issue:
=====
Microsoft Windows is a collection of software components that enable users
to experience the Internet. All components share a common series of
interfaces that taken together comprise the Windows Operating Environment.
- By default, Internet Explorer is enabled on all systems running Microsoft
Windows. (It should be noted that there are substantial issues with Internet
Explorer reported; users should consult the Microsoft Security Resource
Center to obtain the appropriate patches.)
- Insecure scripting languages such as VBScripting are used throughout the
Microsoft Windows Operating Environment and included in many Microsoft
applications such as Microsoft Office. Users have reported that it is
difficult, if not impossible, to completely remove such scripting features
even though they are proven to be regularly exploitable, thus making it
likely they will be subject to repeated exploitation.
- Microsoft products often integrate with the operating system internals,
meaning that by installing new software, particularly from Microsoft, the
operating system may become modified and thus provide an opportunity to
introduce new vulnerabilities or exploit trusted relationships within the
Windows Operating Environment. As such, many applications are difficult to
uninstall completely from a computer since they may be serving as patches to
the underlying operating system.
- Improper software development has facilitated repeated security incidents
resulting in the loss of customer information, e-mail addresses, system
downtime, and customer productivity in environments based on the Microsoft
Windows Operating Environment. User misconfiguration is also a factor.
- Microsoft products are often rushed to market without a thorough check of
the software quality. Buffer overflows are one result of this issue, and
after several years of high-profile incidents, continue to impact the
technology community instead of being fixed once and for all. Microsoft
notes that it frequently releases patches to existing patches and believes
this is the best way for users to stay protected given Microsoft's current
software development and business practices.
- Due to the frequency of patches and critical fixes being released to the
user community, it's quite likely that many network administrators are
hesitant to install such patches, since the cure may be worse than the
original problem, or even create new ones, as evidenced by issues arising
from several Windows Service Packs over the years.
- Despite advances in marketing a concept of "Trustworthy Computing" it is
unlikely that there will be any single solution to remedy the many issues
associated with the security and stability of Microsoft products.
Microsoft prides itself on innovation and consistency in developing new and
exciting software products. Over the years, customers have come to expect
this as a hallmark of how Microsoft does business. The fact that each new
security incident resulting from Microsoft products presents a higher degree
of danger to the Internet community is one example of our ability to produce
software products in a consistent manner with regard to quality assurance,
reliability, and security. We reiterate our pledge to provide software
products with a consistent level of quality to our customers worldwide.
Mitigating Factors:
====================
- For an attack against Microsoft Operating Environment to be successful,
the user/victim must be running an exploitable version of Microsoft Windows.
- Microsoft Windows systems operating in closed network environments stand a
somewhat higher chance of survivability when new security incidents
regarding Microsoft products are reported than other, more exposed systems.
Systems that are not connected to a network are most secure from such
network-based exploits.
Risk Rating:
============
- Important
Patch Availability:
===================
- No patches are available to fix this vulnerability. However, there are
three technical actions for users to take to increase their level of
operating system and information security:
(1) Boot the affected computer from a floppy disk.
(2) At the command prompt, type "format c: /sys." For more severely-damaged
systems, run the FDISK command. (Visit http://fdisk.radified.com/ for
information on this Microsoft-produced disk utility.)
(3) Once complete, decide on what non-Microsoft operating system you would
like to use instead. Some suggested ones are Linux and Mac OSX. (Note that
users will need new hardware to take full advantage of Mac OSX.) Users are
strongly advised to avoid anything with the words "SCO" or "UnixWare" in it,
as these words represent a company that's almost as greedy and evil as we
are at Microsoft.
This Advisory supersedes Microsoft Security Bulletin MS02-0401 "Local User
Actions May Provide Unauthorized Remote Access" dated 1 April 2002. This
Bulletin may be found at http://www.infowarrior.org/articles/2002-04.html.
Acknowledgment:
===============
Microsoft thanks Richard Forno for reporting this issue to us and for
working with us to help protect customers. Richard Forno
(www.infowarrior.org) thanks the internet community for recognizing a
belated (but quite truthful) April Fools' joke when they see it. :) He
further thanks Microsoft for producing products that not only keep him and
his friends employed as IT and security professionals but continue to pollute
the Internet and adversely impact on people not even running Windows. Thanks
a bunch, guys.
----------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY. MICROSOFT HAS NO KNOWLEDGE OF THIS APRIL
FOOLS SATIRE AND HAS NOT ENDORSED IT, NOR DID THIS 'SECURITY BULLETIN'
ORIGINATE FROM ANY MICROSOFT OFFICE. IT'S A SATIRE -- SO READ IT, LAUGH, AND
HOPEFULLY LEARN FROM IT. :) MICROSOFT IS A TRADEMARK OF MICROSOFT CORP.