[ISN] First Fallout from Code Leak Hits the Web

From: InfoSec News (isn@private)
Date: Tue Feb 17 2004 - 06:07:38 PST

  • Next message: InfoSec News: "[ISN] Spammers exploit high-speed connections, careless users"

    Forwarded from: William Knowles <wk@private>
    
    http://www.eweek.com/article2/0,4149,1528043,00.asp 
    
    By David Morgenstern 
    February 16, 2004 
    
    A security company on Monday alerted clients of a new vulnerability to 
    Internet Explorer 5, one attributed to the recent leak of Microsoft 
    Corp. Windows source code. The quick attack appears to contradict some 
    optimistic expectations that the recent leak of Windows 2000 and NT 
    code would not pose a significant opportunity for hackers. 
    
    According to a message posted by SecurityGlobal.net LLC's Security 
    Tracker Web site, a vulnerability was reported in Microsoft Internet 
    Explorer Version 5 that lets a "remote user execute arbitrary code on 
    the target system." 
    
    A hacked bitmap file can trigger an integer overflow and execute 
    arbitrary code, the security bulletin said. 
    
    The author of the warning said that this flaw was uncovered by 
    reviewing the recently leaked Windows source code. 
    
    "I downloaded the Microsoft source code. Easy enough. It's a lot 
    bigger than Linux, but there were a lot of people mirroring it and so 
    it didn't take long," observed the anonymous programmer in his 
    warning. 
    
    The code is a portion of source from Windows NT 4.0 and Windows 2000 
    that made its way onto the Internet Thursday. 
    
    "IE6 is not vulnerable, so I guess I'll get back to work. My Warhol 
    worm will have to wait a bit..." wrote the author of the warning. 
    
    No patch was available for download from Microsoft's Security Web site 
    and the company was not available for comment. 
    
    Several analysts had predicted no immediate threat from the source 
    code leak, since the amount of code presented on the Internet was 
    limited. 
    
    However, in comments offered on Friday, Ken Dunham, malicious-code 
    manager at iDefense Inc., based in Reston, Va., said that 
    vulnerabilities in the older Windows would likely be much easier to 
    discover and exploit now after the leak of the source code. 
    
    "There are a lot of implications to this. The situation just got a lot 
    worse, in terms of vulnerabilities," he said in an interview with an 
    eWEEK reporter. "I imagine we'll be seeing a lot more this year 
    because of this. There's certainly enough in [the leaked code] to play 
    with." 
    
    This warning follows a string of recent vulnerabilities concerning 
    Internet Explorer. Earlier this month Microsoft released a cumulative 
    patch covering a dangerous Internet Explorer vulnerability that let 
    attackers trick customers into visiting malicious sites. 
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Feb 17 2004 - 09:26:29 PST