Bugtraq mailing list archives
Re: SANS Flash: Most dangerous flaw found in Windows workstations, Fix available.
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Tue, 18 Jul 2000 13:31:48 -0700
I've gotten enough inquiries about this that I am posting this message. SANS recently sent out an email alert titled "SANS Flash: Most dangerous flaw found in Windows workstations, Fix available." The vulnerability they describe is not new. If you read their message closely you'll see that it was published back on June 27 by Georgi Guninski in BUGTRAQ and that Microsoft published an advisory about it on July 14. The message claims that they "developed this exploit further and realized that this is one of the most serious exploits of Windows workstations in the last several years". What exactly "further" they found is anyone's guess. Georgi's message is clear enough about the problem. I don't know what SANS gets by releasing old information as new.

In his message Georgi clearly describes how you can penetrate someone's machine when they visit a web page or read an email message by creating a malicious Access database file. Furthermore, in a follow-up message Paul Rogers pointed out that setting IE's "Run ActiveX controls and plug-ins" option to Prompt or Disable would not stop the vulnerability. You can find more information about the problem at http://www.securityfocus.com/bid/1398

It's also silly for SANS to call this the "most dangerous flaw found in Windows workstations". Is this a dangerous flaw? Yes, very much so. But there have been flaws in the past that have been worse. For example, the MIME buffer overflow in email clients such as Netscape and Outlook. Remember, for this problem to work you need to have Access installed. As a matter of fact I consider the problem announced today about a buffer overflow vulnerability in Outlook and Outlook Express to be more dangerous as it does not require any other program to be installed. Information about that problem can be found at http://www.securityfocus.com/bid/1481

Of more interest, and something that SANS fails to point out, is that Microsoft has not really implemented a fix to the problem. In their MS00-049 advisory Microsoft provides a workaround to the problem, not a real fix. At least the advisory FAQ states they are working on and will be releasing a real patch.

I would also caution anyone against using a vulnerability to patch a vulnerability. Most vulnerabilities are bugs and do not have well defined behavior. As such, trying to use one as a mechanism to apply fixes is a risky proposition. While certainly an intriguing, if well known, idea, it may not perform reliably and you will be left with a false sense of security if it fails to fix the problem.

Guninski's original message to BUGTRAQ can be found at http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB () nat bg

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum