Alert: Microsoft Security Bulletin (MS99-008) - NT Screensaver Vulnerability
- To: NTBUGTRAQ LISTSERV.NTBUGTRAQ.COM
- Subject: Alert: Microsoft Security Bulletin (MS99-008) - NT Screensaver Vulnerability
- From: Russ <Russ.Cooper RC.ON.CA>
- Date: Sat, 13 Mar 1999 02:38:08 -0500
- Approved-By: Russ.Cooper RC.ON.CA
- Reply-To: Russ <Russ.Cooper RC.ON.CA>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ LISTSERV.NTBUGTRAQ.COM>

Microsoft have released a Security Bulletin <http://www.microsoft.com/security/bulletins/ms99-008.asp> which covers an issue raised by Cybermedia Software Private Limited in their March 10th, 1999 announcement <http://www.cybermedia.co.in/NT_Security/SS_vulnerability.htm>.

Microsoft's bulletin is more forthcoming than usual in pointing out the potential for exploit, something I'm sure we all welcome. Although they do not explicitly state it, the fact that a ScrnSav-fix directory has been added under the Post-SP3 and Post-SP4 directories of NT 4.0 and NT 4.0 Terminal Server (intel and alpha), I guess it's safe to say that the exploit could've been made to work on releases beyond SP1 (as was originally reported). Small savings are gained from Cybermedia's inability to create a demonstration exploit for SP3 or SP4 I guess (not that someone won't do one in the future).

Anyone thinking of implementing this fix should seriously look at the security of user profiles. Screen Savers represent all sorts of other potential issues, and if properly controlled prior to the announcement of this exploit, the exploit probably didn't represent much of a direct threat.

That said, the lack of verification of a security context change in a core component of NT is, as MS put it in their Bulletin, "the underlying problem". The daunting size of NT, in terms of secure programming practice verification, is truly showing if this functionality has not been verified throughout all NT applications. Stop and count the number of processes you can think of that do security context switching...;-[

Microsoft have prepared a KB article <http://support.microsoft.com/support/kb/articles/q221/9/91.asp> describing the vulnerability. This article was not available when I checked.

Finally, while not directly related to this issue, I had a conversation with individuals representing Cybermedia Software Private Limited. In particular I discussed with them the issue of releasing exploits to the "media" without receiving any response from the vendor (or waiting any amount of time for such a response). It's certainly their right, as it is anyone's, to do this. However, in the spirit of White Hat Infosec, I sought to encourage them to, um, do things differently in the future. Their message to me was that they would "definitely notify Microsoft ahead of time and adopt that as a policy".

I offered them, as I hope you all know I offer you, NTBugtraq's full support and capabilities for getting the right people involved when a discovery needs to be addressed.

Cheers,
Russ - NTBugtraq moderator