[ISN] Microsoft Security Bulletin (MS98-010)

From: mea culpa (jerichoat_private)
Date: Wed Aug 05 1998 - 12:24:04 PDT


    From: Microsoft Product Security Response Team <secureat_private>
    
    Microsoft Security Bulletin (MS98-010)
    
    ------------------------------------------------------------------------
    
    Information on the BackOrifice Program
    
    Last Revision: August 04, 1998
    
    Summary
    =======
    On July 21, a self-described hacker group known as the Cult of the Dead Cow
    released a tool called BackOrifice, and suggested that Windows users were
    at risk from unauthorized attacks.  Microsoft takes security seriously, and
    has issued this bulletin to advise customers that Windows 95(r) and Windows
    98(r) users following safe computing practices are not at risk and Windows
    NT(r) users are not threatened in any way by this tool.
    
    The Claims About BackOrifice
    ============================
    According to its creators, BackOrifice is "a self-contained,
    self-installing utility which allows the user to control and monitor
    computers running the Windows operating system over a network".  The
    authors claim that the program can be used to remotely control a Windows
    computer, read everything that the user types at the keyboard, capture
    images that are displayed on the monitor, upload and download files
    remotely, and redirect information to a remote internet site.
    
    The Truth About BackOrifice
    ===========================
    BackOrifice does not expose or exploit any security issue with the Windows
    platform or the BackOffice(r) suite of products.
    
    BackOrifice does not compromise the security of a Windows network.
    Instead, it relies on the user to install it and, once installed, has only
    the rights and privileges that the user has on the computer.
    
    For a BackOrifice attack to succeed, a chain of very specific events must
    happen:
     - The user must deliberately install, or be tricked into
       installing the program
     - The attacker must know the user's IP address
     - The attacker must be able to directly address the user's
       computer; e.g., there must not be a firewall between the
       attacker and the user.
    
    What Does This Mean for Customers Running Windows 95 and Windows 98?
    ====================================================================
    BackOrifice is unlikely to pose a threat to the vast majority of Windows
    95 or Windows 98 users, especially those who follow safe internet computing
    practices.  Windows 95 and Windows 98 offer a set of security features that
    will in general allow users to safely use their computers at home or on the
    Internet.  Like any other program, BackOrifice must be installed before it
    can run.  Clearly, users should prevent this installation by following good
    practices like not downloading unsigned executables, and by insulating
    themselves from direct connection to the Internet with Proxy Servers and/or
    firewalls wherever possible.
    
    What Does This Mean For Customers Running Windows NT?
    =====================================================
    There is no threat to Windows NT Workstation or Windows NT Server
    customers; the program does not run on the Windows NT platform.
    BackOrifice's authors don't claim that their product poses any threat to
    Windows NT.
    
    What Customers Should Do
    ========================
    Customers do not need to take any special precautions against this program.
    However, customers should ensure that they follow all of the normal
    precautions regarding safe computing:
     - Customers should not install or run software from
       unknown sources -- this applies to both software available
       on the Internet and sent via e-mail.  Reputable software
       vendors digitally sign their software to verify its authenticity
       and safety.
     - Corporate administrators can block software that is not digitally
       signed by a reputable or authorized software company at their proxy
       server and/or firewall.
     - Customers should keep their software up to date to ensure that
       hackers cannot take advantage of known issues.
     - Companies should actively use auditing and monitor their
       network usage to deter and prevent insider attacks.
    
    
    More Information
    ================
    Please see the following references for more information related to this
    issue.
    
     - Microsoft Security Bulletin 98-010, Information on the
       BackOrifice Program (the Web posted version of this
       bulletin),
       http://www.microsoft.com/security/bulletins/ms98-010.htm
    
    Revisions
    =========
    
    August 04, 1998: Bulletin Created
    
    For additional security-related information about Microsoft
    products, please visit http://www.microsoft.com/security
    
    
    ------------------------------------------------------------------------
    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
    IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
    EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
    FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION
    OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT,
    INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
    DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED
    OF THE POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
    OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
    FOREGOING LIMITATION MAY NOT APPLY.
    
    (c) 1998 Microsoft and/or its suppliers. All rights reserved.
    For Terms of Use see
    http://support.microsoft.com/support/misc/cpyright.asp.
    
              =====================================================
    You have received  this e-mail bulletin as a result  of your registration
    to  the   Microsoft  Product  Security  Notification   Service.  You  may
    unsubscribe from this e-mail notification  service at any time by sending
    an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUESTat_private
    The subject line and message body are not used in processing the request,
    and can be anything you like.
    
    For  more  information on  the  Microsoft  Security Notification  Service
    please    visit    http://www.microsoft.com/security/bulletin.htm.    For
    security-related information  about Microsoft products, please  visit the
    Microsoft Security Advisor web site at http://www.microsoft.com/security.
    