BugNet Exposes Serious Microsoft Security Flaw; BugNet Verifies Bug that Wreaks Havoc on Windows Systems.


Business Editors/High-Tech Writers

LINDON, Utah--(BUSINESS WIRE)--April 23, 2001

BugNet, the world's leading supplier of software bug fixes, exposed a Windows vulnerability that allows malicious users to rewrite a Windows registry, delete files or even wipe out a hard drive.

The bug was originally demonstrated by security analyst Georgi Guninski and later validated by BugNet engineers.

The bug originates in Microsoft's Component Object Model (COM) that is built into all Windows systems since Windows 95. COM objects rely on CLSID to uniquely identify a COM object and instruct the operating system how to execute it. Using the CLSID, dangerous executables and scripts can be disguised as innocuous .TXT files.

Double-clicking an obfuscated file will execute it, not as a text file, but in whatever way the original program was written.

BugNet performed several exploits to ascertain the seriousness of this vulnerability. "We were able to create an Excel spreadsheet with a built-in startup macro that erases files off of the hard disk," said Eric Bowden, general manager, BugNet. "We created a registry merge file that granted us administrative rights on a Windows 2000 domain server. We even selectively destroyed the Windows registry.

"Despite the menacing nature of these files, they each hide innocently behind a harmless file name like README.TXT. BugNet has posted a file which demonstrates this vulnerability, http://www.bugnet.com/lab/ba010419.html."

Until Microsoft creates a patch, the only protection is for the user to vigilantly check files. When browsing network files, look at the file icon to make sure that it matches the file type. Beware of any e-mail attachments that reveal the CLSID filename. Don't double-click it until you double-check it.
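
The file-name check described above can be automated for attachment or share listings. The following is an added example, not code from BugNet or Microsoft; it assumes the disguised name carries a brace-wrapped CLSID as its final extension, and the function names and sample names (with placeholder CLSIDs) are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: the disguised name ends in a brace-wrapped CLSID extension,
# e.g. "README.TXT.{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}".
CLSID_EXT = re.compile(
    r"\.(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})$",
    re.IGNORECASE,
)


def inspect_name(name):
    """Return a finding dict if the file name ends in a CLSID, else None."""
    # Windows ignores trailing dots and spaces in names, so drop them first.
    base = PureWindowsPath(name).name.rstrip(". ")
    m = CLSID_EXT.search(base)
    if not m:
        return None
    shown = base[: m.start()]  # the name left over once the CLSID part is hidden
    return {
        "name": name,
        "clsid": m.group(1).upper(),
        "displayed_as": shown,
        "apparent_type": PureWindowsPath(shown).suffix.lower() or None,
    }


def scan(names):
    """Inspect every name and keep only the ones that carry a CLSID extension."""
    return [f for f in map(inspect_name, names) if f]


# Constructed sample names; the CLSIDs are placeholders, not real classes.
SAMPLE = [
    "README.TXT",
    "README.TXT.{00000000-0000-0000-0000-000000000000}",
    "C:\\share\\notes.txt.{0000ABCD-0000-0000-0000-00000000abcd} ",
    "report{draft}.doc",
    "{00000000-0000-0000-0000-000000000000}.txt",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f['name']!r}: looks like {f['displayed_as']!r} "
              f"but is bound to CLSID {f['clsid']}")
```

Names that merely contain braces, or that carry a GUID anywhere other than the final extension, are not flagged.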

About BugNet

BugNet has become the IT industry's central clearinghouse for information on bugs, as well as the leading provider of software bug fix information. BugNet columns and reports are regularly syndicated in many online and print publications, including MSNBC, ZDNet, InfoWorld, and Network Magazine.

To find more information about BugNet, to read free excerpts from hundreds of BugNet reports, or to sign up for a subscription to BugNet, visit the BugNet site at http://www.bugnet.com.
COPYRIGHT 2001 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.
