Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Poison Applet Could Wipe Windows PCs
The Register ^ | 10 April 2003 | John Leyden

Posted on 04/15/2003 10:17:31 AM PDT by ShadowAce

A brace of Microsoft security vulns pose risks for both home users and corporates.

The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me.

Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert.

Well if that doesn't get consumers patching, what will?

The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

Java applets are disabled within the Restricted Sites Zone, which reduces the risk if you're using a hardened version of Microsoft's email clients. That still leaves other infection routes for Windows users. No surprise then that Microsoft describes the flaw as critical.

An alert on the problem, which links to patches, can be found here.


Separately, Microsoft yesterday released patches designed to fix denial of service vulnerabilities involving Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000. Both issues are covered in the same alert.

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA Server 2000 are subject to similar flaws, bot covered in the same alert. The upshot of both vulnerabilities is that internal ne'er do wells can send malformed packets that could cause servers to hang.

Patches, described by Microsoft as important, can be found be following links on the advisory here


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: computersecurity; computersecurityin; java; mdm; software; vm; windows

1 posted on 04/15/2003 10:17:31 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; Dominic Harr; Bush2000; TechJunkYard; martin_fierro
Time to get your patches.
2 posted on 04/15/2003 10:18:28 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
"Where do you want to be taken today?"
3 posted on 04/15/2003 10:19:41 AM PDT by Redcloak (All work and no FReep makes Jack a dull boy. All work and no FReep make s Jack a dul boy. Allwork an)
[ Post Reply | Private Reply | To 1 | View Replies]

To: All

Donating to the FreeRepublic will keep the bright beacon
of Freedom shining so that our Troops
and the world will know we stand with them.


Please join us.

Or mail checks to
FreeRepublic , LLC
PO BOX 9771
FRESNO, CA 93794

or you can use

PayPal at Jimrob@psnw.com

STOP BY AND BUMP THE FUNDRAISER THREAD-
It is in the breaking news sidebar!

4 posted on 04/15/2003 10:22:06 AM PDT by Support Free Republic (Your support keeps Free Republic going strong!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Redcloak
TO MICROSOFT COMPUTER HELL?
5 posted on 04/15/2003 10:23:23 AM PDT by Dick Bachert
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

"Badges? Wee don' need no steenkin' badges!"

(Sadly, patches appear to be indispensible.) <|:(~

6 posted on 04/15/2003 10:25:29 AM PDT by martin_fierro (Mr. Avuncular)
[ Post Reply | Private Reply | To 1 | View Replies]

To: martin_fierro
(Sadly, patches appear to be indispensible.) <|:(~

Don't kid yourself. Every OS patches itself quite routinely.

7 posted on 04/15/2003 10:29:48 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 6 | View Replies]

To: ShadowAce
Since this affects the VM, I assume that Internet Explorer is also problematic, not just Microsoft Office?
8 posted on 04/15/2003 10:33:33 AM PDT by webstersII
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Nor did I suggest otherwise.

Why are you so humorless these days?
9 posted on 04/15/2003 10:33:40 AM PDT by martin_fierro (Mr. Avuncular)
[ Post Reply | Private Reply | To 7 | View Replies]

To: martin_fierro
Why are you so humorless these days?

Sorry. I'm not, really. Some trolls around here enjoy labeling others as OS fanatics. I was just CMA :)

10 posted on 04/15/2003 10:36:31 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 9 | View Replies]

To: ShadowAce
Time to get your patches.

Yeah, but be careful. I installed the latest patch when it first came out, and my laptop (running XP Pro) has crashed a couple times. This didn't happen before. When it doesn't crash it now acts squirly, sometimes locking up for a couple of minutes at a time.

11 posted on 04/15/2003 10:37:25 AM PDT by 68skylark
[ Post Reply | Private Reply | To 2 | View Replies]

To: webstersII
That would be my guess since I don't use windows. Actually, I would think it affects mainly IE since that is how you interact with the outside world, and expose your machine to malicious code.
12 posted on 04/15/2003 10:38:17 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 8 | View Replies]

To: 68skylark
When it doesn't crash it now acts squirly, sometimes locking up for a couple of minutes at a time.

Time to apply the Ultimate Service Pack, then. :)

13 posted on 04/15/2003 10:39:28 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 11 | View Replies]

To: 68skylark
But, but, but , XP was supposed to fix all of those problems?

You mean, Microsoft lied?

But, but, but, but......

(Happy Apple user since 2000).
14 posted on 04/15/2003 10:41:39 AM PDT by Billy_bob_bob ("He who will not reason is a bigot;He who cannot is a fool;He who dares not is a slave." W. Drummond)
[ Post Reply | Private Reply | To 11 | View Replies]

To: ShadowAce
Actually, I would think it affects mainly IE since that is how you interact with the outside world, and expose your machine to malicious code.

So, if you use Mozilla as your browser and mailer, and the Sun Java machine,(as I do) you should be less vulnerable. Still, I'll get the patch eventually.

15 posted on 04/15/2003 10:45:21 AM PDT by Pearls Before Swine
[ Post Reply | Private Reply | To 12 | View Replies]

To: Billy_bob_bob
(Happy Apple user since 2000)

I've been a not so happy Apple user for a few weeks now. Oh, I'm happy with the computers and the OS. I'm not happy with Al Gore being on Apple's board of directors.

16 posted on 04/15/2003 10:47:24 AM PDT by Question_Assumptions
[ Post Reply | Private Reply | To 14 | View Replies]

To: Pearls Before Swine
Please notice the caveat in Post #12. I don't do Windows, so I'm only guessing here, with an explanation for the guess.
17 posted on 04/15/2003 10:48:28 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Bush2000
But, but, but... Linux and Apple are big stinky faces right?
18 posted on 04/15/2003 10:49:54 AM PDT by dogbyte12
[ Post Reply | Private Reply | To 17 | View Replies]

To: Question_Assumptions
Ditto. I can't understand why Apple is so tone deaf.
19 posted on 04/15/2003 10:50:46 AM PDT by Frumious Bandersnatch
[ Post Reply | Private Reply | To 16 | View Replies]

To: ShadowAce
Time to apply the Ultimate Service Pack, then.

Yeah, I've considered drastic measures more than once with this machine.

20 posted on 04/15/2003 10:53:03 AM PDT by 68skylark
[ Post Reply | Private Reply | To 13 | View Replies]

To: ShadowAce
All this is fixed in Windows RG.
Click here for a demo.
21 posted on 04/15/2003 10:56:59 AM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

HELP! I don't understand a thing they are saying.

All I know is I have a HP with windows XP, and AOL connection.

My AOL crashes all the time. I get these pop up messages saying I am leaking :-( important info and my McAfee virus icon in the bottom right disappears and I don't know if I have Freedom firewall or not.

22 posted on 04/15/2003 11:04:45 AM PDT by Spunky
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
I use the Windows Automatic-Update feature to keep up-to-date.
23 posted on 04/15/2003 11:10:25 AM PDT by PhilipFreneau
[ Post Reply | Private Reply | To 2 | View Replies]

To: Question_Assumptions
Is this what Apple stands for?

Israel-made battery found in computer

STEPS were taken by a distributor for Apple Computers to ensure that Israeli-made parts do not enter Bahrain after an Israeli-made battery was discovered by a customer in an old Apple Computer model.

[snip]

“They have taken up the matter with Apple Middle East, which is based in Ireland and ensured us that this won’t happen again.


24 posted on 04/15/2003 11:16:04 AM PDT by weegee (NO BLOOD FOR RATINGS: CNN let human beings be tortured and killed to keep their Baghdad bureau open)
[ Post Reply | Private Reply | To 16 | View Replies]

To: *Computer Security In
http://www.freerepublic.com/perl/bump-list
25 posted on 04/15/2003 11:22:02 AM PDT by Libertarianize the GOP (Ideas have consequences)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Question_Assumptions
I'm not thrilled about Gore being on their board of directors either. However, I'm biting my tongue because I'm hoping that Al will help Apple sell computers to the government. That is one big client with very deep pockets. If Al can help to convince key bureaucrats that they should start buying Apple computers instead of Windows machines then Apple will sell a whole lot of computers.

Besides, would you rather see Al in the White House? Count your blessings.
26 posted on 04/15/2003 11:25:37 AM PDT by Billy_bob_bob ("He who will not reason is a bigot;He who cannot is a fool;He who dares not is a slave." W. Drummond)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Spunky
Check out Black Viper to fine tune Windows XP and Windows 2000. I set my system up according to his charts, and have had no problems. No leaking, either.
27 posted on 04/15/2003 11:27:13 AM PDT by TaxRelief
[ Post Reply | Private Reply | To 22 | View Replies]

To: ShadowAce
Any applet could wipe a Windows PC. That's the nature of Windows.
28 posted on 04/15/2003 11:40:53 AM PDT by HumanaeVitae (Tolerance is a necessary evil.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HumanaeVitae
"Any applet could wipe a Windows PC. That's the nature of Windows."

Not true. The security made into Java is such that unauthorized applets cannot write to the hard disk. The only way this can happen is if there is a security hole in the Virtual Machine (as in this case).
29 posted on 04/15/2003 11:56:45 AM PDT by webstersII
[ Post Reply | Private Reply | To 28 | View Replies]

To: webstersII
Blue screen of death joke from a Mac enthusiast. ;-)
30 posted on 04/15/2003 12:08:11 PM PDT by HumanaeVitae (Tolerance is a necessary evil.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: HumanaeVitae
Hey, there's enough other things to make fun of PCs for, let's not start making stuff up.

No, I'm not a Mac user, I use Windows and complain about it quite regularly. As they say, when in Rome . . . .
31 posted on 04/15/2003 12:35:53 PM PDT by webstersII
[ Post Reply | Private Reply | To 30 | View Replies]

To: ShadowAce
Yup, I thought I'd seen this story before.
32 posted on 04/15/2003 1:11:11 PM PDT by TechJunkYard (via Nancy)
[ Post Reply | Private Reply | To 1 | View Replies]

To: weegee
This is gonna be hard on the middle east. I think the new Intel chip for laptops is made in Israel. Probably explodes by remote control.
33 posted on 04/15/2003 1:26:06 PM PDT by js1138
[ Post Reply | Private Reply | To 24 | View Replies]

To: TaxRelief
Check out Black Viper to fine tune Windows XP and Windows 2000.

Thanks! I will.

34 posted on 04/15/2003 1:32:01 PM PDT by Spunky
[ Post Reply | Private Reply | To 27 | View Replies]

To: TechJunkYard
Oops. Sorry. The title didn't matach up in the search.
35 posted on 04/15/2003 2:01:38 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Question_Assumptions
I'm not happy with Al Gore being on Apple's board of directors.

He is not on yet,(He will be) as a stockholder I just got to vote against him....AGAIN!!!!!!!!!! It felt great.
36 posted on 04/15/2003 2:04:59 PM PDT by cmsgop ( Arby's says no more Horsey Sauce for Scott Ritter !!!!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: ShadowAce
No biggie. I do have a winblows box in the house now, so I'm trying to keep up with these things.
37 posted on 04/15/2003 4:04:21 PM PDT by TechJunkYard (via Nancy)
[ Post Reply | Private Reply | To 35 | View Replies]

To: ShadowAce
Thanx, but I don't need 'em. ;-)
38 posted on 04/15/2003 8:13:26 PM PDT by rdb3 (It ain't nuthin' to a ballah, baby...)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Izzy Dunne
I love that website -- thank you! It reminds me of the computer I had at my old job.
39 posted on 04/15/2003 8:59:56 PM PDT by scott7278 (Four more years! Four more years!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Izzy Dunne
XP = xtra problems
40 posted on 04/15/2003 9:12:46 PM PDT by stainlessbanner
[ Post Reply | Private Reply | To 21 | View Replies]

To: webstersII
Not true. The security made into Java is such that unauthorized applets cannot write to the hard disk. The only way this can happen is if there is a security hole in the Virtual Machine (as in this case).

You don't know that.

If this were real Java, you would be correct, but this bug is in Microsoft's proprietary implementation of Java, not the Sun or IBM Java, both of which are open and well documented.

Microsoft took the original Java implementation and modified it, and no one outside of Microsoft knows exactly how it interacts with other Windows software.

41 posted on 04/21/2003 6:26:18 AM PDT by Knitebane
[ Post Reply | Private Reply | To 29 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson