Read this, it's enough to make you die laughing ... even though it's all terribly true.

-------------------------------------

Microsoft Security Bulletin MS02-0401

Local User Actions May Provide Unauthorized Remote Access

Originally posted: April 1, 2002

Summary

Who should read this bulletin: Customers and administrators of Microsoft Windows operating systems.

Impact of vulnerability: Critical.

Recommendation: Customers using affected versions of the Windows operating systems mentioned in this document should follow the guidance shown below.

Affected Software:
- Microsoft Windows 3.1, 95, 98, SE, and ME
- Microsoft Windows NT and 2000 (all versions)
- Microsoft Windows XP (Home and Professional)

Technical details and description:

Microsoft Windows draws on many shared system resources (e.g., Dynamic Link Libraries (.DLL) and shared swap files) as part of normal operation. More significantly, Windows, like all computer systems, utilizes the industry standard Alternating Current Power Supply Management Process (ACPSMP) to facilitate the robust Windows system utilization environment for users and administrators. However, it has been determined that using ACPSMP with Windows presents a significant operational and security risk.

Exploiting the ACPSMP dependency of Windows could allow an attacker to take actions such as the unauthorized access, modification, or deletion of data; placing malicious code on one system to potentially attack another; or changing system security settings. In the case of networked systems, particularly Windows-based servers, a malicious attacker could attempt to exploit this vulnerability by locating the affected system on a local- or wide-area network and subsequently conduct unauthorized activities against/on such systems. Examples of the types of potential attacks resulting from the ACPSMP vulnerability can be found at Microsoft Technet.

Mitigating factors:
- The vulnerability may not present itself to an attacker provided the customer implements appropriate system and network security standards and preventative practices outlined below.
- Various vendor-endorsed, user-level remediating for affected systems are found later in this document.

Vulnerability Identifier: USA-2002-0401

Tested Versions:

Microsoft tested the following products to assess whether they are affected by these vulnerabilities. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities. Vendor-endorsed corrective actions only apply to the following, supported, Microsoft products impacted by this vulnerability:
- Microsoft Windows 3.1, 95, 98, SE, and ME
- Microsoft Windows NT and 2000 (all versions)
- Microsoft Windows XP (Home and Professional)

Frequently asked questions about this vulnerability:

What's the scope of the vulnerability?

This vulnerability is present on all Microsoft Windows operating systems, with an increased risk to those systems residing on a local- or wide-area network, including the Internet. Exploiting the ACPSMP within Windows systems could allow an attacker to take actions such as the unauthorized access, modification, or deletion of data; placing malicious code on one system to potentially attack another; or changing the macro security settings.

This vulnerability is significant due to poor software development standards and the apparent lack of adequate software quality assurance testing prior to the public release of the Windows operating system by its vendor.

Reducing the potential exposure of a vulnerable system is possible if the customer implements appropriate system and network security standards and practices promoted by the Carnegie Mellon Computer Emergency Response Team (CERT), the System Administration and Security Institute (SANS), or other computer security organizations.
However, these are short-term temporary measures that do not directly address the underlying vulnerability. Refer to the 'Remediation Instructions' found below for more complete, long-term corrective measures.

What causes the vulnerability?

Through the implementation of ACPSMP, Microsoft Windows, like all computer systems, requires an uninterrupted flow of tailored power to system hardware components. As mentioned, this has been determined to be a potential security risk to Microsoft Windows systems. Terminating the power flow to the Windows system hardware will prevent network-based security compromises (e.g., viruses, worms, or hacking) from an unauthorized third party. As long as electrical or battery power is provided to a Windows-based computer, the potential for system exploitation remains.

What is ACPSMP?

The Alternating Current Power Supply Management Process (ACPSMP) is the industry-standard power management system for computers, peripherals, and other electronic hardware, and can be as simple a function as plugging a computer or peripheral into an electrical outlet. ACPSMP is the process through which a computer user provides electronic power to computer components to enable their use.

Can't Windows or my anti-virus software protect against this problem?

Because Windows and other security applications, such as anti-virus tools and firewalls, reside within the Windows operating environment, they are unable to protect against the need for ACPSMP, which operates outside, but is essential to, the parameters of your computer's operating system environment.

Who should apply the fixes?

Anyone using or administering systems running the affected software versions should conduct the following actions, based on their product and operating environment.

Remediating Instructions for Home and Small Business Users

To prevent the potential exploitation of the ACPSMP vulnerability, users are advised to remove their affected Windows system from public networks or the Internet unless necessary for critical purposes such as MP3 searching or porn downloading. The ACPSMP vulnerability is best addressed through user education, such as done to counter 'social engineering' attacks. Such education might include informing users not to plug in or turn on their Windows-based computer, thereby preventing the flow of electrons into the computer and thus preventing the ACPSMP vulnerability.

Remediating Instructions for Corporate/Enterprise Users

Corporate users are advised to remove affected Windows systems from networked connections unless necessary for critical business purposes. However, the ACPSMP vulnerability is best addressed through user education, such as done to counter 'social engineering' attacks. Such education might include informing users not to plug in or turn on their Windows-based computer, thereby preventing the flow of electrons into the computer and thus preventing the ACPSMP vulnerability.

Given the nature of the ACPSMP vulnerability and Windows' inability to adequately mitigate this issue, senior technical managers and executives are strongly advised to reevaluate continued corporate use of Microsoft Windows as their operating system within their organizations. Other, less-vulnerable, more scalable, reliable, and securable options to consider include FreeBSD, Linux, and OSX.

I'm running one of the alternative operating systems you mentioned, am I vulnerable to ACPSMP?

Although every electronic device - from computers to toaster ovens - requires a flow of electrons to operate, these recommended replacement operating systems are exponentially more secure and reliable, and although using ACPSMP, are not as susceptible to exploitation arising from slick marketing, poor design or user ignorance.

How can I verify that my Windows system is secure from the ACPSMP vulnerability?

If, upon starting the flow of electrons into your computer, you see a Microsoft Windows graphical "splash page" and the Windows desktop (evidenced by the Start Button) in the lower left-hand of the screen, you may still be vulnerable. However, if you are presented with a log-in from one of the alternative operating systems mentioned above (evidenced by an image of a smiling computer or a friendly penguin) you are protected from this particular Windows vulnerability.

Caveats: None, except to read the date of this Advisory note. :)

Localization: The mitigation instructions and recommended alternative operating systems mentioned above are appropriate for use on Windows-based systems worldwide.

Obtaining other security patches:

As of this date there is no patch for this vulnerability. Patches for other security issues are available from the following locations:
- Security patches are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security patch".
- Patches for consumer platforms are available from the Windows Update web site
- All patches available via Windows Update also are available in a redistributable form from the Windows Update Corporate site.

Other information:

Acknowledgments: Microsoft thanks the open-source development community, Apple's MacOSX Team, William Feinbloom, and Richard Forno for their assistance in researching and reporting this issue; and for the security researchers around the world that continue to demonstrate and prove the inherent vulnerabilities arising from using slickly-marketed, closed-source, proprietary operating systems.

Support:
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
- Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Plus, since this is an April Fool's prank, nothing you have read in this article should be viewed as official Microsoft advice, even if it makes sense in the real world.

Revisions:
- V1.0 (April 1, 2002): Bulletin Created

(c) 2002 Infowarrior.org. All Rights Reserved. Permission to reproduce or redistribute this satire in any fashion granted provided appropriate credit given.