[windows2000] Re: News: Windows VPN Software Allows Attacks

  • From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Thu, 31 Oct 2002 18:00:35 -0000

*sigh* Another day, another security patch (and server reboot ...
Aaaaagggghh!)

=3D42764324 2384739847238472398 492374982374932

> -----Original Message-----
> From: Greg Reese [mailto:GReese@xxxxxxxxxxxxxxxx]=20
> Sent: Thursday 31 October 2002 17:51
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] News: Windows VPN Software Allows Attacks
>=20
>=20
>=20
> Some of you might find this useful.
>=20
> Greg
>=20
>=20
> From zdnet news:
>=20
> http://zdnet.com.com/2100-1105-964057.html
>=20
> Windows VPN software allows attacks
> By Matthew Broersma=3D20
> Special to ZDNet
> October 31, 2002, 7:41 AM PT
> URL: http://zdnet.com.com/2100-1105-964057.html=3D20
> Windows 2000 and Windows XP servers can be attacked through=20
> the software =3D ordinarily used to create secure connections=20
> to remote workers, =3D Microsoft said on Wednesday.=3D20
>=20
> A buffer overflow in the implementation of Point to Point=20
> Tunneling =3D Protocol (PPTP) in the two operating systems=20
> allows attackers to cause =3D any Windows 2000 or Windows XP=20
> servers to crash. Microsoft also warned =3D of a bug in Windows=20
> 2000 that could allow an attacker to sabotage the =3D system=20
> via a Trojan horse.=3D20
>=20
> The PPTP bug, which received a "critical" rating from=20
> Microsoft, affects =3D both servers and clients, but the client=20
> attack is more difficult to =3D carry out. Microsoft said that=20
> attackers could feed specially-formed =3D control data to the=20
> part of the PPTP software that connects and =3D disconnects=20
> PPTP sessions, which would corrupt the system core memory, =3D=20
> causing the system to fail. Any server that offers PPTP, or a=20
> =3D workstation manually configured to offer PPTP, is affected.=3D20
>=20
> PPTP client systems can also be attacked using the exploit,=20
> but only =3D during an active session, Microsoft said.=3D20
>=20
> The standard is used to create secure connections over=20
> insecure =3D environments such as the Internet. These=20
> connections, known as virtual =3D private networks (VPNs), are=20
> commonly used by remote workers to connect =3D to the company's=20
> network. Windows 2000 Internet servers are most likely =3D to=20
> be affected by the bug, Microsoft said. It does not affect=20
> Windows =3D 98, Windows 98SE, Windows ME or Windows NT=3DAE 4.0.=3D20
>=20
> Users and administrators are recommended to install a patch,=20
> found with =3D the security bulletin on Microsoft's TechNet Web =
site.=3D20
>=20
> The other bug affects Windows 2000 workstations and a select=20
> few Windows =3D XP workstations, and allows a malicious user on=20
> a multi-user system to =3D implant a Trojan horse that could be=20
> automatically executed by another =3D unsuspecting user on the=20
> same machine. The Trojan horse would execute =3D with the=20
> privileges of the user who executed it, allowing it to alter=20
> =3D files, erase hard drives and the like.=3D20
>=20
> The Trojan bug is possible because of the way Windows 2000=20
> searches for =3D programs to execute. In some cases, when a=20
> program is invoked, the =3D operating system looks first in the=20
> system root directory (typically =3D C:\), which is by default=20
> open to all users. If an attacker created a =3D Trojan horse=20
> with the same name as a frequently-used program, the user =3D=20
> could invoke the Trojan instead of the legitimate program.=3D20
>=20
> This attack could most easily be carried out if, at log on,=20
> Windows was =3D set up to automatically invoke certain=20
> programs, and the attacker knew =3D the names of those=20
> programs. Otherwise, the attacker would have to =3D convince=20
> another user to invoke a program using Windows' Start/Run menu. =3D
>=20
>=20
> Workstations that aren't shared would not be vulnerable,=20
> because the =3D attacker must have privileges to log onto the=20
> machine. Servers are at no =3D risk and Remote Terminal server=20
> sessions are also set up in such a way =3D that the attack=20
> would not work.=3D20
>=20
> There is no patch for this bug, but Microsoft recommends that=20
> system =3D administrators review the permissions for the system=20
> root directory.=3D20
>=20
> With the two new warnings, Microsoft has issued 64 alerts=20
> this year. =3D Microsoft earlier this year launched a drive to=20
> make its software more =3D secure.=3D20
>=20
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
> To Unsubscribe, set digest or vacation
> mode or view archives use the below link.
>=20
http://thethin.net/win2000list.cfm

==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: