Your PC's Many Security Holes


Computer security researchers at the SANS Institute were planning a May 2 release of their tally of major software vulnerabilities for the first three months of the year (see BW Online, 5/2/05, "Probing Your PC's Weak Spots"). Rather than totaling the number of worms or computer viruses affecting businesses and consumers, the SANS researchers detailed the most dangerous and widespread ones: For more detail, see the SANS Institute's Q1-2005 Update.

Software: Microsoft Internet Explorer

Systems affected: Desktops, laptops, and servers running any version of Windows

Vulnerabilities: Five different weaknesses

Risk: Computers with these vulnerabilities can have spyware, keystroke loggers, and remote control software installed on their systems when the user visits Web sites that have been programmed to exploit the flaws

Software: Microsoft Windows Media Player, Windows Messenger, and MSN Messenger

Systems affected: Windows desktops and laptops

Vulnerability: A flaw in PNG File Processing, a format for digital images

Risk: These vulnerabilities enable computers to be taken over if the user downloads a malicious media file from a Web site or opens a malicious picture while using MSN or Windows Messenger

Software: Microsoft Windows XP Service Pack 1 and 2, Windows 2000 Service Pack 3 and 4, and Windows Server 2003

Systems affected: Laptops, desktops, and servers on Windows networks

Vulnerability: Microsoft Server Message Block (SMB), a protocol for file access on networks

Risk: Computers with this vulnerability can be completely compromised by an attacker running a malicious server

Software: Microsoft Windows Server 2003, Windows 2000 Server Service Pack 3 and 4, Windows NT Server 4.0 Service Pack 6a, and NT Terminal Server Edition Service Pack 6

Systems affected: Servers on Windows networks

Vulnerability: Windows License Logging Service Overflow, a variation on an old trick that allows a hacker to hide malicious computer codes

Risk: This vulnerability allows computers to be taken over by a malicious user who sends special packets to the machine

Software: Windows NT and Windows 2000 (SP2 or earlier) Domain Name Service servers; Symantec Gateway Security, Enterprise Firewall, and VelociRaptor Products

Systems affected: Directly, certain servers running address-resolution service; indirectly, any computer on the network using the service

Vulnerability: DNS Cache Poisoning, which means a hacker has infected the servers that tell computers on a network how to find Web servers. (Note: This vulnerability didn't affect the big authoritative DNS servers but rather the local server caches, typically on LANs, that actually handle the bulk of DNS requests)

Risk: Attackers can direct users to malicious Web sites. These sites, in turn, can exploit Internet Explorer vulnerabilities to install spyware programs

Software: Antivirus Products from Symantec, F-Secure, Trend Micro, and McAfee

Systems affected: Desktops, laptops, and servers running certain antivirus software

Vulnerability: Buffer overflows, a method hackers use that gets computers to execute code disguised as data

Risk: Remote attackers can take control of computers running these security products

Software: RealPlayer, iTunes, and WinAmp Media Players

Systems affected: Desktops and laptops

Vulnerability: Buffer overflows

Risk: Users of these applications can be infected by simply visiting a Web site that has been tainted with malicious code

Software: Oracle Database Server, Application Server, E-business Suite, and Collaboration Suite

Systems affected: Multiple Oracle servers

Vulnerability: Flaws patched in Oracle's January 2005 Critical Patch Update

Risk: Remote hackers can possibly exploit these flaws to gain control of databases and get access to information

Software: Computer Associates products running License Manager

Systems affected: Computers running Computer Associates software

Vulnerability: CA License Package Buffer Overflow

Risk: Remote users can take control of computers running various CA products

Data: SANS Institute By Stephen H. Wildstrom


We Almost Lost the Nasdaq
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

 
blog comments powered by Disqus