Author Topic: More XP SP2 Vulnerabilities  (Read 6580 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
More XP SP2 Vulnerabilities
« on: January 07, 2005, 09:00:55 am »
There's been a lot of ways found to run arbitrary code from remotely in Internet Explorer lately, even with fully patched SP2.  This is one of them:
http://secunia.com/advisories/12889/

My point is, stop using IE if you are :)

From Secunia, some stats:
Quote
Vendor: Microsoft
Product Affected By: 75 Secunia Advisories


Microsoft Internet Explorer 6 with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Extremely critical

This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

Currently, 21 out of 75 Secunia advisories, is marked as "Unpatched" in the Secunia database.
« Last Edit: January 07, 2005, 09:02:52 am by iago »

Offline Mythix

  • The Dude
  • x86
  • Hero Member
  • *****
  • Posts: 1569
  • Victory
    • View Profile
    • Dark-Wire
Re: More XP SP2 Vulnerabilities
« Reply #1 on: January 07, 2005, 09:18:33 am »
My point is, most will never change, they're afraid of it, thus they depend on M$ for all of their needs.


Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce


Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: More XP SP2 Vulnerabilities
« Reply #2 on: January 07, 2005, 10:37:46 am »
That's sad. SAD.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: More XP SP2 Vulnerabilities
« Reply #3 on: January 07, 2005, 11:02:15 am »
I hate SP2 soo much.  Computers shouldn't even need a personal firewall.  All a firewall is is a coverup for lousy programming.  If a vulnerability is found in a service, it should be disabled.  It's unfortunate that, on Windows, you can't.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: More XP SP2 Vulnerabilities
« Reply #4 on: January 07, 2005, 12:45:45 pm »
Apparnetly the product has 2 nice features:
1. It listens on port 2571 (which I would imagine goes through SP2's firewall, since it's MS)
2. Its icon is a big target

Gee, I wonder what's coming? :)

Stay tuned for the first annual Anti-Spyware Worm!

Offline Mythix

  • The Dude
  • x86
  • Hero Member
  • *****
  • Posts: 1569
  • Victory
    • View Profile
    • Dark-Wire
Re: More XP SP2 Vulnerabilities
« Reply #5 on: January 07, 2005, 10:07:26 pm »
hahaha

I did enjoy the little notifications every 5 minutes.


"YOU ARE NOW ACCESSING NOTEPAD, BE CAUTIOUS, OPEN PORTS WITH NOTEPAD OPEN COULD LEAD TO INTRUDERS!"
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce


Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: More XP SP2 Vulnerabilities
« Reply #6 on: January 07, 2005, 11:58:18 pm »
Then, we will have the evil jpg of doom, which will give you a virus just by looking at a jpg file while on Windows.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: More XP SP2 Vulnerabilities
« Reply #7 on: January 08, 2005, 11:05:07 am »
I'm just waiting for Spyware that uses Microsoft's Anti-Spyware program to propogate.  If that happens, I'm going to laugh soooo hard.

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: More XP SP2 Vulnerabilities
« Reply #8 on: January 08, 2005, 05:14:19 pm »
You should make one, then laugh your ass off.  Not a malicious one even, actually, make it like the Polite Virus and have it ask the user if they want to allow the worm to spread around a little :)

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: More XP SP2 Vulnerabilities
« Reply #9 on: January 08, 2005, 05:17:25 pm »
I'm surprised a vulnerability has been finally found where the only immune Windows system is SP2, usually it's the other way around ;)
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: More XP SP2 Vulnerabilities
« Reply #10 on: January 09, 2005, 02:08:59 am »
I'm surprised a vulnerability has been finally found where the only immune Windows system is SP2, usually it's the other way around ;)

There were lots of those.  Jpeg vulnerabliity, several IE vulnerabilities, and others.  SP2 is doing pretty well, still and has only had a few vulns :)