February 7, 2006 8:50 PM PST

Microsoft warns of new Windows security issues

Microsoft on Tuesday warned of two security issues that could put some Windows users at risk of attack and said it is investigating a third possible vulnerability.

One security problem is reminiscent of the recent high-profile security woes that affected Windows. It is related to how aging versions of Internet Explorer handle malformed Windows Meta File images on the Windows Millennium Edition and Windows 2000 operating systems.

The flaw exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in a security advisory. Users could be attacked simply by viewing a malicious image on a Web site, in an e-mail or in an image viewer, Microsoft said.

"An attacker who successfully exploited this vulnerability could take complete control of the affected system," Microsoft said in its advisory.

Though the WMF vulnerability may appear similar to previous flaws related to WMF that plagued Windows, the issue is different, Microsoft said. Last month the software maker rushed out a fix for a WMF rendering flaw that was being exploited to install spyware on the computers of unwitting Windows users.

To remedy this new WMF problem, Microsoft recommends users upgrade to IE6 with Service Pack 1 and said it may issue a security patch.

In a second security advisory, Microsoft warned of a problem with overly permissive access controls in Windows XP and Windows Server 2003. The problem exists only in versions that do not have the latest service packs installed, the company said.

The access control issue could be exploited by a user with low privileges to run programs and commands that normally require a higher privilege level, Microsoft said. The software maker suggests installing Service Pack 2 on Windows XP or Service Pack 1 on Windows Server 2003 to limit exposure, or manually changing access controls on the four affected Windows components.

In addition to the security advisories, a Microsoft representative on Tuesday said the company is investigating a potential vulnerability in its HTML Help Workshop, a part of the HTML Help Software Development Kit version 1.4.

Attack code that takes advantage of the flaw is publicly available. A successful attack could give an attacker full control over a vulnerable computer, security monitoring company Secunia said in an alert. However, the scope is limited because the vulnerable software is used only by software developers and is not part of Windows, according to Microsoft.

"Microsoft's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not impacted by this report," the representative said.

Microsoft's next "patch Tuesday" is on Feb. 14. The company on Thursday is expected to release some details on what software fixes it will deliver.

See more CNET content tagged:
Microsoft Windows Metafile, access control, service pack, flaw, vulnerability

44 comments

Join the conversation!
Add your comment
IE failure again...
This is all the more reason to use Firefox, Mozilla or Opera, anything but IE which will never be secure.
Posted by solarflair (35 comments )
Reply Link Flag
for sure
I just (like 25 minutes ago) got an older laptop working again, and it has windows 2000, I just updated it, as it was long out of service. First thing I did, was use IE to download Firefox so I could get the new SP from the windows website, lol. 2000 isn't even that bad of an OS (in fact, XP sometimes seems slower, and buggier), but combine 2000 with IE, yikes, its a scary situation.

The Mozilla Foundation will change your computer experience.
Posted by jzsaxpc (43 comments )
Link Flag
Please Understand
Just using a different browser in XP or any other Microsoft OS isn't
going to make your machine or your surfing any more secure.
Because of the tight integration between Internet Explorer and
Windows Explorer there hit just the same! Remember, your
Windows File Explorer will display web pages too. So just changes
browsers will not make you surfing any more secure.

~Justin
Posted by OneWithTech (196 comments )
Link Flag
Did you even read it?
I know it is easier to just bash MS and say OOOH another Internet Explorer vulnerability instead of reading what it was. This is in IE version 5 on Windows ME and Windows 2000 - let's see, old version of IE on older operating systems. The vulnerabilities are not present in Windows XP, or in version 6 of IE. Thus it has long been fixed. BTW, have you not noticed the Firefox vulnerabilities that have come up, some which have been listed as serious? No browser is completely safe - the more popular it becomes, the more people will try to exploit it.
Posted by cristianodiaz (31 comments )
Link Flag
New MS Flaws; Repost Weekly
I wonder, is there ever a day when users of Microsoft products are safe on a network?
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
Not In This Life-Time!
XP was insecure the first week it was presented over 3 years ago.
Microsoft users have been punished with knowing that there
Microsoft powered networks will never be safe!

~Justin
Posted by OneWithTech (196 comments )
Link Flag
wait a minute...
the article is talking about flaws that only apply to old versions of things.
Posted by Bobman (114 comments )
Reply Link Flag
Not true.
My office just got windoze 2k in Aug. 2003, which is very new for us considering we had windoze 95 before the work-station upgrade. Our medical office has always been like most companies--slow to change unlike personel computer users.
Posted by solarflair (35 comments )
Link Flag
I rather hope MS work on flaws on SP2, IE7 and Vista
instead on legacy OS like 2000 or browsers like IE5.
People who dun buy e newer software are either those that dun not want e new products so why bother with customers of low value? Another group of people who use old products are those that feel new products are not good enough, so why not work on the new ones? Dun bother about what the Mac n linux useres, they are not yr customer, then to get them is like selling music players to iPod users, dream on if u think u can get them.
Posted by pjianwei (206 comments )
Reply Link Flag
No Handle on XP!
Microsoft doesn't even have a grasp of there current XP operating
system. So the thought of a Secure Vista is the equivalent of finding
a NEW PLANET!

Slim to NONE!

~Justin
Posted by OneWithTech (196 comments )
Link Flag
Another Good Reason To Buy A Mac!
So, combine this article with the ones posted on
www.TechViewsToday.US and you have all the reason's in the world
to go get yourself some security in the form of a Mac!

~Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Apple not immune
Apple's been releasing a steady stream of security patches as well. Not as severe perhaps, but don't for a second believe Macs are impervious to viruses.
Posted by Mad Dog - Chi (22 comments )
Link Flag
Here's the real issue...
Ok,

Nothing is perfect in software, but... With the massive resources and money that MS has, there is NO excuse for this level of poor quality/security in their products.

If ANY other product on the market in the US was so flawed, the government would have gotten involved.

Thank goodness MS doesn't make brake systems!

BCA
Posted by bcas400e (29 comments )
Reply Link Flag
MS and Brake Systems
"Thank goodness MS doesn't make brake systems!"

Yeah, See <a class="jive-link-external" href="http://www.bmw.com" target="_newWindow">http://www.bmw.com</a>
Posted by SystemsJunky (409 comments )
Link Flag
HAHAHAHAHAHAHAHAHAHA
Buy a MAC for security, lol thats funny. Yeah you could could chain your valuables to it I suppose.

MACs use UNIX which has more security holes than swiss cheese. The only reason their vulnerabilities are not targetted as much is that no one uses them so its not worth the effort for hackers.
Posted by richto (895 comments )
Reply Link Flag
That is BS
Talking like others is what you doing without investigating the real reason. UNIX, Linux, IBMs AIX, HP UX and Sun Solaris are based on a totally different design and is THEREFOR MORE secure then Windows.

UNIX is designed from the ground up as a Multi-user Multi tasking OS. Hence it is more scalable, more reliable, faster and more secure. NOT perfect though..... but much better in terms of security then Windows.

Study the subject before you start talking like other dummies.
Posted by rembspam (9 comments )
Link Flag
One more stupid person....
... repeating the stupid claim that Mac's are not common enough to
get attacked. But what the heck, stupid people have to say
something to prove they are stupid.
Posted by Earl Benser (4310 comments )
Link Flag
FLAWS?!? And they want us to pay for security???
This is a racket.
Posted by ordaj (338 comments )
Reply Link Flag
Change headlines much? Did Microsoft
yell at you?

The headline originally had the word flaws in it and I believe that to be more accurate, anwyay.
Posted by ordaj (338 comments )
Link Flag
You bought it.
It isn't like this just happened. Windows has been having significant
security issues since the mid 90s, so if you've bought it since then,
you're partly to blame. You voted with your wallet for an insecure
OS.

Now they want more from you, so you have to make a decision. Are
you going to let them keep sticking it to you or are you going to
spend your money on a better product?
Posted by Macsaresafer (802 comments )
Link Flag
It is true
Even if you just started using Windows 2000 (well 3 years ago), the flaw affects version 5.01 of Internet Explorer - there is no reason you should not be using version 6.
Posted by cristianodiaz (31 comments )
Reply Link Flag
Seriously...
this is nothing more then flame bait. How is this news? If you are running all updates i.e. (no pun intended) WinXPSP2 this is a joke. Even WinXPSP1 isnt affected. I feel sorry for anyone using IE5.

..Yawn..
Posted by BlinkMM182 (63 comments )
Reply Link Flag
Here you go! A cautionary tale
<a class="jive-link-external" href="http://www.theregister.co.uk/2006/02/08/apple_vulnerability/" target="_newWindow">http://www.theregister.co.uk/2006/02/08/apple_vulnerability/</a>
Posted by Mad Dog - Chi (22 comments )
Reply Link Flag
As you've posted it twice, I'll respond twice.
Just for your info the story does not reveal any evidence that
anyone actually hacked anything just that one man said their
machine was hacked.

And yes, although supposedly independent, SecurityFocus is owned
by Symantec Corporation who have pulled this kind of stuff before.

This is no proof that it was invented but nor is there any proof that
it wasn't.
Posted by privatec (75 comments )
Link Flag
Two Main Reasons Windows is Insecure...
1. The "user" who first signs on to a Windows machine right out
of the box becomes the root user of the OS. That's known as
"admin" in Windows world, but some call it "root" anyway. The
root user is GOD to a computer. The word "root" makes real
server admins (as opposed to casual ones) cringe a little because
they understand the power of that word. Keep that in mind for
reason 2.

2. Integration of browser, messaging, update systems, keyboard
input, scripting, email, IM, inter-application messaging, server
authentication and a thousand other things is very tight in
Windows. One process sneezes and the other ones say
"gesundheit". Since any of these input mechanisms are running
under root (GOD) they trust each other implicitly. That's why you
can use IE to visit a web site containing a malicious piece of
code in the HTML and - ZOOM - it's jumping around in your
operating system doing whatever the hell it wants. There's a
wonderful scripting system available that will happily follow the
command of the malicious code as "root" - which is everthing
running on the computer. Bang, you're a spam server. Pow, there
go all your files to Hong Kong. OOF, you're an IRC server for
someone in Belgium.

Since everything is running with root privileges in Windows,
there's no way for the computer to tell whether someone at the
keyboard told the computer to give up all the secrets or if some
script from an email, IM or some stupid task bar app told it to
do that. "Click Here to See the Dancing Monkeys" - and you're
sending 40,000 emails a day to everyone on the planet. Play a
music file or open a JPEG and you're a Windows zombie
attacking banking systems within 10 minutes. Your computer
doesn't know and can't tell the difference between "admin" and
"user" unless you set up the machine correctly.

Viruses and worms are written to automatically jump from
machine to machine using the all powerful admin privileges and
automatically propagate themselves - and "admin" is the base
user on about 90% of the Windows machines out there. Viruses
will test every machine in the world (or try to) and climb in the
known back doors of every unsecured Windows machine at will.

If the same worm or virus tests a Mac or Linux machine, nothing
happens. I've been running a Mac web server since 1996 and I
see all the viruses testing the machine constantly, 24 hours a
day, 7 days a week. These viruses run through every IP address
we have in the company - 2 class C blocks - and test everything.
Any Windows machine we've had exposed to the Internet,
patches or not, has caught a virus. All the Macs, old and new,
simply log the attempt and do nothing except keep serving.

Oh, there are patches for Windows that plug holes in these
viruses and worms running around but MICROSOFT HAS NEVER
ADDRESSED THE UNDERLYING ISSUE OF VULNERABILITY. They
mostly apply a patch to identify and halt an expected or current
virus. Microsoft appears to have FAR more security activity than
Apple because THEY NEED IT. Hackers change the signature of
the virus slightly and Microsoft is right back to designing a new
band-aid. At other occasions, they simply do something silly like
disable the use of a particular URL syntax to "fix" the problem -
a syntax that doesn't harm dozens of other operating systems
because NOBODY ELSE IS STUPID ENOUGH TO DESIGN AN OS
THAT DEFAULTS TO ROOT PRIVILEGES EXCEPT MICROSOFT.

Sorry for yelling, but until that's fixed, the Mac, Linux and all the
other Unicies will be more secure. Firewalls can slow "them"
down but if you can make a network connection to the firewall,
you can talk to it and trick it into being circumvented. The level
of security behind the firewall becomes very important and
Windows doesn't do it.

There are a bunch of known EXPLOITS for the other systems, a
dozen or so, which most all rely on someone sitting at the
keyboard with the administrator password to install or enable
the exploit. An exploit is a misuse of a computer and a virus is
considered self propagating without user knowlege or
intervention.

A good way to get your Mac or Linux machine exploited is to be
a person lazy enough to use the same simple word for the
username AND the password. That's not the operating system's
fault, though - that's the dumb admin. We had one of those
once. Username "media", password "media" and I got a root kit
installed with an IRC server for Darwin (the unix flavor of OS X).

One last thing - two years ago I got REAL tired of playing virus
whack-a-mole at work. I removed about 40 Windows machines
and gave them all OS X Macs. The users ******* and moaned for
a few weeks, much like the Mac pundits here who clearly haven't
lived with one for any length of time. They quieted down when
they learned the machine and had that "Aha" moment - 6 weeks
on average. After that, virtually every one of those people have
thanked me for the Mac and many have replaced their PCs at
home with a Mac. There wasn't one machine that had a problem
with a virus or an exploit and I was HAPPY.

There's a reason for everything and to each his own. Lately, a lot
of people have been questioning the reason for Windows. There
will be SOMETHING that tackles the Mac or Linux some day, but
Windows has a head start of over 100,000 viruses out there that
will kill your machine and that's just plain inexcusable on
Microsoft's part.
Posted by HuggerMugger (26 comments )
Reply Link Flag
Some Programs At Fault As Well
On Windows, some programs seem to require admin access to run correctly. I recently had this problem with "Sims 2" --- it wouldn't run correctly unless I made my normal user account an admin account.
Posted by bluemist9999 (1020 comments )
Link Flag
MAC newbie.
Your assessment is very well conceived and posed. Even I, as an MS OS user must agree. The MS OSes have not addressed any of the issues you mentioned, to any formidable degree as of yet. As a person that is new to the Apple OSes, I must know - what happens if a user other than a "root" user is placed in the position of installing a software that requires that level of permission(s)? If you would, please address the method an Apple software writer might use when considering an installation package to work with any Apple system or OS.
Posted by Sharkster (16 comments )
Link Flag
MAC newbie.
Your assessment is very well conceived and posed. Even I, as an MS OS user must agree. The MS OSes have not addressed any of the issues you mentioned, to any formidable degree as of yet. As a person that is new to the Apple OSes, I must know - what happens if a user other than a "root" user is placed in the position of installing a software that requires that level of permission(s)? If you would, please address the method an Apple software writer might use when considering an installation package to work with any Apple system or OS.
Posted by Sharkster (16 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.