[windows2000] News: Windows VPN Software Allows Attacks

  • From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Thu, 31 Oct 2002 12:50:43 -0500

Some of you might find this useful.

Greg


From zdnet news:

http://zdnet.com.com/2100-1105-964057.html

Windows VPN software allows attacks
By Matthew Broersma=20
Special to ZDNet
October 31, 2002, 7:41 AM PT
URL: http://zdnet.com.com/2100-1105-964057.html=20
Windows 2000 and Windows XP servers can be attacked through the software =
ordinarily used to create secure connections to remote workers, =
Microsoft said on Wednesday.=20

A buffer overflow in the implementation of Point to Point Tunneling =
Protocol (PPTP) in the two operating systems allows attackers to cause =
any Windows 2000 or Windows XP servers to crash. Microsoft also warned =
of a bug in Windows 2000 that could allow an attacker to sabotage the =
system via a Trojan horse.=20

The PPTP bug, which received a "critical" rating from Microsoft, affects =
both servers and clients, but the client attack is more difficult to =
carry out. Microsoft said that attackers could feed specially-formed =
control data to the part of the PPTP software that connects and =
disconnects PPTP sessions, which would corrupt the system core memory, =
causing the system to fail. Any server that offers PPTP, or a =
workstation manually configured to offer PPTP, is affected.=20

PPTP client systems can also be attacked using the exploit, but only =
during an active session, Microsoft said.=20

The standard is used to create secure connections over insecure =
environments such as the Internet. These connections, known as virtual =
private networks (VPNs), are commonly used by remote workers to connect =
to the company's network. Windows 2000 Internet servers are most likely =
to be affected by the bug, Microsoft said. It does not affect Windows =
98, Windows 98SE, Windows ME or Windows NT=AE 4.0.=20

Users and administrators are recommended to install a patch, found with =
the security bulletin on Microsoft's TechNet Web site.=20

The other bug affects Windows 2000 workstations and a select few Windows =
XP workstations, and allows a malicious user on a multi-user system to =
implant a Trojan horse that could be automatically executed by another =
unsuspecting user on the same machine. The Trojan horse would execute =
with the privileges of the user who executed it, allowing it to alter =
files, erase hard drives and the like.=20

The Trojan bug is possible because of the way Windows 2000 searches for =
programs to execute. In some cases, when a program is invoked, the =
operating system looks first in the system root directory (typically =
C:\), which is by default open to all users. If an attacker created a =
Trojan horse with the same name as a frequently-used program, the user =
could invoke the Trojan instead of the legitimate program.=20

This attack could most easily be carried out if, at log on, Windows was =
set up to automatically invoke certain programs, and the attacker knew =
the names of those programs. Otherwise, the attacker would have to =
convince another user to invoke a program using Windows' Start/Run menu. =


Workstations that aren't shared would not be vulnerable, because the =
attacker must have privileges to log onto the machine. Servers are at no =
risk and Remote Terminal server sessions are also set up in such a way =
that the attack would not work.=20

There is no patch for this bug, but Microsoft recommends that system =
administrators review the permissions for the system root directory.=20

With the two new warnings, Microsoft has issued 64 alerts this year. =
Microsoft earlier this year launched a drive to make its software more =
secure.=20

==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: