Date: Thu, 21 Aug 2003 19:34:01 -0400
From: Richard Forno rforno@infowarrior.org
To: declan@well.com
Subject: Some yukks for you - and Politech if you like

The Microsoft Security Bulletin they -=should=- issue, but won't. :) Was a
long night, and I figured what better way to calm down than to write
something humorous.

If you like it, feel free to pass to Politech. If not, trash it. Figured
with the net problems these days, a little bit of reality-based humor might
help....

-rick
Infowarrior.org

-----------------------------------------------------------------

Title: Ongoing Compromises of the Windows Operating Environment
Date: 20 August 2003

Software:

- Microsoft Windows 3.1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows SE
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 Server
- Microsoft Windows XP
- Microsoft Windows Server 2003

Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS02-0401 (REVISED)

Microsoft encourages customers to review Security Information at:
http://www.microsoft.com/security on a regular basis, and subscribe to
CERT/CC bulletins at http://www.cert.org.
-----------------------------------------------------------------

Issue:
=====

Microsoft Windows is a collection of software components that enable users
to experience the Internet. All components share a common series of
interfaces that taken together comprise the Windows Operating Environment.

- By default, Internet Explorer is enabled on all systems running Microsoft
Windows. (It should be noted that there are substantial issues with Internet
Explorer reported; users should consult the Microsoft Security Resource
Center to obtain the appropriate patches.)

- Insecure scripting languages such as VBScripting are used throughout the
Microsoft Windows Operating Environment and included in many Microsoft
applications such as Microsoft Office. Users have reported that it is
difficult, if not impossible, to completely remove such scripting features
even though they are proven to be regularly exploitable, thus making it
likely they will be subject to repeated exploitation.

- Microsoft products often integrate with the operating system internals,
meaning that by installing new software, particularly from Microsoft, the
operating system may become modified and thus provide an opportunity to
introduce new vulnerabilities or exploit trusted relationships within the
Windows Operating Environment. As such, many applications are difficult to
uninstall completely from a computer since they may be serving as patches to
the underlying operating system.

- Improper software development has facilitated repeated security incidents
resulting in the loss of customer information, e-mail addresses, system
downtime, and customer productivity in environments based on the Microsoft
Windows Operating Environment. User misconfiguration is also a factor.

- Microsoft products are often rushed to market without a thorough check of
the software quality. Buffer overflows are one result of this issue, and
after several years of high-profile incidents, continue to impact the
technology community instead of being fixed once and for all. Microsoft
notes that it frequently releases patches to existing patches and believes
this is the best way for users to stay protected given Microsoft's current
software development and business practices.

- Due to the frequency of patches and critical fixes being released to the
user community, it's quite likely that many network administrators are
hesitant to install such patches, since the cure may be worse than the
original problem, or even create new ones, as evidenced by issues arising
from several Windows Service Packs over the years.

- Despite advances in marketing a concept of "Trustworthy Computing" it is
unlikely that there will be any single solution to remedy the many issues
associated with the security and stability of Microsoft products.

Microsoft prides itself on innovation and consistency in developing new and
exciting software products. Over the years, customers have come to expect
this as a hallmark of how Microsoft does business. The fact that each new
security incident resulting from Microsoft products presents a higher degree
of danger to the Internet community is one example of our ability to produce
software products in a consistent manner with regard to quality assurance,
reliability, and security. We reiterate our pledge to provide software
products with a consistent level of quality to our customers worldwide.


Mitigating Factors:
====================

- For an attack against Microsoft Operating Environment to be successful,
the user/victim must be running an exploitable version of Microsoft Windows.

- Microsoft Windows systems operating in closed network environments stand a
somewhat higher chance of survivability when new security incidents
regarding Microsoft products is reported than other, more exposed systems.
Systems that are not connected to a network are most secure from such
network-based exploits.


Risk Rating:
============

- Important


Patch Availability:
===================

- No patches are available to fix this vulnerability. However, there are
three technical actions for users to take to increase their level of
operating system and information security:

(1) Boot the affected computer from a floppy disk.

(2) At the command prompt, type "format c: /sys." For more severely-damaged
systems, run the FDISK command. (Visit http://fdisk.radified.com/ for
information on this Microsoft-produced disk utility.)

(3) Once complete, decide on what non-Microsoft operating system you would
like to use instead. Some suggested ones are Linux and Mac OSX. (Note that
users will need new hardware to take full advantage of Mac OSX.) Users are
strongly advised to avoid anything with the words "SCO" or "UnixWare" in it,
as these words represent a company that's almost as greedy and evil as we
are at Microsoft.

This Advisory supersedes Microsoft Security Bulletin MS02-0401 "Local User
Actions May Provide Unauthorized Remote Access" dated 1 April 2002. This
Bulletin may be found at http://www.infowarrior.org/articles/2002-04.html.


Acknowledgment:
===============

Microsoft thanks Richard Forno for reporting this issue to us and for
working with us to help protect customers. Richard Forno
(www.infowarrior.org) thanks the internet community for recognizing a
belated (but quite truthful) April Fools' joke when they see it. :) He
further thanks Microsoft for producing products that not only keep him and
his friends employed as IT and security professonals but continue to pollute
the Internet and adversely impact on people not even running Windows. Thanks
a bunch, guys.

----------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY. MICROSOFT HAS NO KNOWLEDGE OF THIS APRIL
FOOLS SATIRE AND HAS NOT ENDORSED IT, NOR DID THIS 'SECURITY BULLETIN'
ORIGINATE FROM ANY MICROSOFT OFFICE. IT'S A SATIRE -- SO READ IT, LAUGH, AND
HOPEFULLY LEARN FROM IT. :) MICROSOFT IS A TRADEMARK OF MICROSOFT CORP.