*sigh* Another day, another security patch (and server reboot ... Aaaaagggghh!) =3D42764324 2384739847238472398 492374982374932 > -----Original Message----- > From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]=20 > Sent: Thursday 31 October 2002 17:51 > To: windows2000@xxxxxxxxxxxxx > Subject: [windows2000] News: Windows VPN Software Allows Attacks >=20 >=20 >=20 > Some of you might find this useful. >=20 > Greg >=20 >=20 > From zdnet news: >=20 > http://zdnet.com.com/2100-1105-964057.html >=20 > Windows VPN software allows attacks > By Matthew Broersma=3D20 > Special to ZDNet > October 31, 2002, 7:41 AM PT > URL: http://zdnet.com.com/2100-1105-964057.html=3D20 > Windows 2000 and Windows XP servers can be attacked through=20 > the software =3D ordinarily used to create secure connections=20 > to remote workers, =3D Microsoft said on Wednesday.=3D20 >=20 > A buffer overflow in the implementation of Point to Point=20 > Tunneling =3D Protocol (PPTP) in the two operating systems=20 > allows attackers to cause =3D any Windows 2000 or Windows XP=20 > servers to crash. Microsoft also warned =3D of a bug in Windows=20 > 2000 that could allow an attacker to sabotage the =3D system=20 > via a Trojan horse.=3D20 >=20 > The PPTP bug, which received a "critical" rating from=20 > Microsoft, affects =3D both servers and clients, but the client=20 > attack is more difficult to =3D carry out. Microsoft said that=20 > attackers could feed specially-formed =3D control data to the=20 > part of the PPTP software that connects and =3D disconnects=20 > PPTP sessions, which would corrupt the system core memory, =3D=20 > causing the system to fail. Any server that offers PPTP, or a=20 > =3D workstation manually configured to offer PPTP, is affected.=3D20 >=20 > PPTP client systems can also be attacked using the exploit,=20 > but only =3D during an active session, Microsoft said.=3D20 >=20 > The standard is used to create secure connections over=20 > insecure =3D environments such as the Internet. These=20 > connections, known as virtual =3D private networks (VPNs), are=20 > commonly used by remote workers to connect =3D to the company's=20 > network. Windows 2000 Internet servers are most likely =3D to=20 > be affected by the bug, Microsoft said. It does not affect=20 > Windows =3D 98, Windows 98SE, Windows ME or Windows NT=3DAE 4.0.=3D20 >=20 > Users and administrators are recommended to install a patch,=20 > found with =3D the security bulletin on Microsoft's TechNet Web = site.=3D20 >=20 > The other bug affects Windows 2000 workstations and a select=20 > few Windows =3D XP workstations, and allows a malicious user on=20 > a multi-user system to =3D implant a Trojan horse that could be=20 > automatically executed by another =3D unsuspecting user on the=20 > same machine. The Trojan horse would execute =3D with the=20 > privileges of the user who executed it, allowing it to alter=20 > =3D files, erase hard drives and the like.=3D20 >=20 > The Trojan bug is possible because of the way Windows 2000=20 > searches for =3D programs to execute. In some cases, when a=20 > program is invoked, the =3D operating system looks first in the=20 > system root directory (typically =3D C:\), which is by default=20 > open to all users. If an attacker created a =3D Trojan horse=20 > with the same name as a frequently-used program, the user =3D=20 > could invoke the Trojan instead of the legitimate program.=3D20 >=20 > This attack could most easily be carried out if, at log on,=20 > Windows was =3D set up to automatically invoke certain=20 > programs, and the attacker knew =3D the names of those=20 > programs. Otherwise, the attacker would have to =3D convince=20 > another user to invoke a program using Windows' Start/Run menu. =3D >=20 >=20 > Workstations that aren't shared would not be vulnerable,=20 > because the =3D attacker must have privileges to log onto the=20 > machine. Servers are at no =3D risk and Remote Terminal server=20 > sessions are also set up in such a way =3D that the attack=20 > would not work.=3D20 >=20 > There is no patch for this bug, but Microsoft recommends that=20 > system =3D administrators review the permissions for the system=20 > root directory.=3D20 >=20 > With the two new warnings, Microsoft has issued 64 alerts=20 > this year. =3D Microsoft earlier this year launched a drive to=20 > make its software more =3D secure.=3D20 >=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > To Unsubscribe, set digest or vacation > mode or view archives use the below link. >=20 http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm