December 28th 04, 03:16 AM
Colin Nash [MVP]
!Testing for the latest vulnerabilities...


"Max Burke" wrote in message
...
[From another Newsgroup]

Three new Windows security holes come at a bad time
By Angela Gunn, USATODAY.com
Three new vulnerabilities have been discovered in Microsoft's Windows
operating system, leaving computers running that OS open to possible
hacker attacks - including PCs running the recently released XP SP2
(Service Pack 2).
The vulnerabilities were published on various online security
newsgroups and confirmed by antivirus firm Symantec. The discoveries
raise particular concern since, with the holidays underway,
interested worm-writers may have a significant head start on security
professionals hoping to plug the hole.


I tested the one that applies to XP SP2 using the proof of concept test
at: http://freehost07.websamba.com/greyhats/sp2rc.htm and here are my
results:

XP pops up with:

"Your security settings do not allow websites to use Active X controls
installed on your computer. This page may not display correctly. Click
here for more options."
That's with IE listing the proof of concept website in the Internet zone
of IE security zones.

In that customised zone I have:

ActiveX controls and plugins
Automatic prompting for ActiveX controls disabled.

Binary and script behaviours
Administrator approved

Download of signed ActiveX controls
Prompt

Download of unsigned ActiveX controls
Disable

Initialise and script ActiveX controls not marked as safe
Disable

Run ActiveX controls and plugins
Administrator approved

Script ActiveX controls marked as safe for scripting
Enable

Active scripting
Enable

Allow paste operations by script
Disable

Scripting of Java applets
Enable

However if I put the website in the trusted zone, the web page pops up the
htm help window and attempts to load an .hta file in the documents and
settings/all users/start menu/start directory that GRR (greyware registry
rearguard) blocks unless (and until) I allow the change to that directory.

IOW the exploit works with SP2 installed; just not automatically on my
systems, because of GRR.


Is there anything else I can test for, or have I missed anything?

--




You seem to have customized the settings for the Internet zone, which is
what protected you. Using the default Internet Zone settings, this does
work without any user intervention.
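
An added example, not part of either post: a way to check an exported Internet zone key against the customised settings Max Burke listed above. The registry path and the four-digit URL action codes are Windows' standard ones for these settings and do not appear in the thread; `SAMPLE_EXPORT` is constructed for illustration.

```python
import re

# Poster's customised Internet zone, keyed by URL action code (registry value name).
# Policy values: 0 = Enable, 1 = Prompt, 3 = Disable, 0x10000 = Administrator approved.
POSTED = {
    "2201": ("Automatic prompting for ActiveX controls", 3),
    "2000": ("Binary and script behaviours", 0x10000),
    "1001": ("Download of signed ActiveX controls", 1),
    "1004": ("Download of unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1200": ("Run ActiveX controls and plugins", 0x10000),
    "1405": ("Script ActiveX controls marked as safe for scripting", 0),
    "1400": ("Active scripting", 0),
    "1407": ("Allow paste operations by script", 3),
    "1402": ("Scripting of Java applets", 0),
}
NAMES = {0: "Enable", 1: "Prompt", 3: "Disable", 0x10000: "Administrator approved"}

# Constructed sample of a .reg export of the Internet zone key (not taken from the post).
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1405"=dword:00000000
"1407"=dword:00000000
"2000"=dword:00000000
"2201"=dword:00000003
'''

def parse_zone(export_text):
    """Return {action_code: policy} for every dword value in the export."""
    pairs = re.findall(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})\s*$', export_text, re.M)
    return {code.upper(): int(value, 16) for code, value in pairs}

def audit(export_text):
    """List (code, setting, found, wanted) for each setting that differs from the post."""
    zone = parse_zone(export_text)
    findings = []
    for code, (label, wanted) in POSTED.items():
        found = zone.get(code)
        if found != wanted:
            shown = "not set" if found is None else NAMES.get(found, hex(found))
            findings.append((code, label, shown, NAMES[wanted]))
    return findings

if __name__ == "__main__":
    for code, label, found, wanted in audit(SAMPLE_EXPORT):
        print(f"{code}  {label}: {found} (post has {wanted})")
```

The same audit can be pointed at the Trusted sites zone (key `Zones\2`) to see how far it departs from the Internet zone settings.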


