PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Tuesday, October 09, 2007 3:04 PM PT Posted by Stuart Johnston

Too Early for Halloween, Part 2

This is the second of a two-part blog post.

There are two more significant patches on this Patch Tuesday that are worth discussing. Both are rated "critical." By the way, Microsoft designates a patch as critical when the outcome of a successful (for the bad guys) exploit could result in the complete takeover of your PC.

The first one fixes a security hole in Outlook Express 5.5 and 6, and in Windows Vista's Windows Mail. It involves a communications technology called Network News Transport Protocol, or NNTP for short. It's used for reading and posting to online news groups like Usenet.

I personally don't know how common NNTP's use is any more. It was very popular in the early days of the Internet. But that's sort of beside the point. Like many security holes, the point is not what it does but that the capability to invoke it is there by default in the software, whether you use the feature or not, combined with the fact that there's a security glitch in there somewhere.

It's a little like an outdoor power receptacle on the side of your house – you can plug anything you want into it. But the fact that it's outside and unsecured also means that a shifty neighbor might plug his motor home into it while you're not home, running up your power bill instead of his own. And you don't have a locking fence.

Alright, it's a sloppy metaphor.

But the point is a serious one. An NNTP request could look the same as any other link on the Web. So you don't have to know what you're clicking on in order to be attacked. A malicious link doesn't have to say it's for a news reader. (That is, you don't have to necessarily be clicking on a link that says, "Click here for newsgroups.") It's just another link.

Click on it and you can almost hear that little voice in the back of your head laconically warning, "You'll be sorry." That's how long it takes for an attack program to take control of your PC.
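The point about link text, as an added example that is not part of the original post: a small Python scanner that flags anchors whose target hands off to a newsreader, whatever the visible text says. The scheme names `news`, `nntp` and `snews` are an assumption (the post names only the protocol), and the sample HTML and hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: URI schemes that pass a link to a newsreader; the post itself
# names only the protocol (NNTP), not the schemes.
NEWS_SCHEMES = {"news", "nntp", "snews"}


class NewsLinkFinder(HTMLParser):
    """Collect (href, visible text) for anchors whose href uses a news scheme."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []
        self._href = None   # href of the news link currently open, if any
        self._text = []     # visible text collected inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        # Browsers ignore surrounding whitespace and embedded tabs/newlines.
        cleaned = "".join(ch for ch in href.strip() if ch not in "\t\r\n")
        # urlsplit lowercases the scheme, so NEWS:// and news:// match alike.
        if urlsplit(cleaned).scheme in NEWS_SCHEMES:
            self._href, self._text = cleaned, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.hits.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_news_links(html):
    """Return a list of (href, link text) pairs that would open a newsreader."""
    finder = NewsLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample: two links with identical, harmless-looking text.
SAMPLE = """
<p><a href="https://example.com/photos">Holiday photos</a></p>
<p><a href="NEWS://news.example.invalid/some.group">Holiday photos</a></p>
<p><a href=" nntp://news.example.invalid/some.group/1">Click here</a></p>
"""

if __name__ == "__main__":
    for href, text in find_news_links(SAMPLE):
        print(f"newsreader link behind text {text!r}: {href}")
```

A mail or web gateway could run a check like this over inbound HTML and strip or rewrite the flagged links until the patch is installed.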

Here again, although Microsoft is not saying just where exactly the hole is – so as not to help the black hat hackers – this is another memory corruption vulnerability. Typically, these work by sending too much (or malformed) data to a buffer in the affected software, which can't deal with getting the wrong information and suddenly freaks out. At that point, the attacker's program swoops in and starts running its own code on your computer.

If you get any warning or see any symptoms that you've been compromised, which you often may not, it's time to hunt down your most recent copy of Ad-Aware or a similar product to help you clean your system. Frankly, it's easier to just get the patch.

You're at risk if you have OE6 or Windows Mail installed on your system. Microsoft's security bulletin states there have not been any attacks in the wild as of today, so now would be a good time to get the hole patched pronto. (Often, just announcing a patch sets the crackers to work with their fuzzers, trying to find the hole before you get it patched.)

The final patch this month is one that you'll want to get right away if you're a Microsoft Word user. You're at risk if you're running Office 2000, Office XP (as I do), or Office 2004 for Mac.

It's another memory corruption error vulnerability, although this one requires that you open a doctored Word file. Still, Microsoft says attacks via this hole are already occurring in the wild, so there's no time like the present for getting the patch.
