Security Information Week 11, 2000
A new way to crash some Windows-based operating systems has been discussed in security groups and mailing lists recently.
This is based on the fact that old DOS functions still remain in some of the 32-bit operating systems. The vulnerability exploits default devices like CON, COM etc.
In short, the vulnerability exposes the fact that these operating systems do not handle multiple references to the same built-in device correctly.
There are different ways to use this exploit.
Physical access
If someone gets physical access to a computer running Windows 95 or 98, she may cause that computer to crash by trying to start e.g. the non-existing file c:\nul\nul.
Web links
More dangerous is the fact that this technique may be used by malicious webmasters as well.
Such a person can either create a link on her page which references such a device, or she may load the command into the browser by using the <img src="device name"> tag.
You may test this by simply clicking on the link below, which is an implementation of the vulnerability.
This will crash your computer if you are running Windows 95 or Windows 98. Be sure that you do not have any open applications with unsaved information.
Clicking this link here will crash a computer running Windows 95 or Windows 98.
E-mails
The most dangerous way to use this exploit, however, is by embedding it in e-mails.
A user of an HTML-enabled e-mail client with preview mode enabled (like Microsoft's Outlook) will experience a computer crash if he receives an e-mail from someone who has used a tag in the e-mail as described above.
The link below to Frequently Asked Questions about this vulnerability describes how to disable preview mode in Outlook.
Other implications
It has been reported that the vulnerability may also be used to crash e.g. ftp-servers remotely, if the server is running on a computer with one of the vulnerable operating systems.
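Until the patch is installed everywhere, a mail gateway or FTP front end can screen for paths that reference a built-in device more than once. The Python code below is an added example, not part of the original bulletin or of Microsoft's fix; the function names, the list of checked HTML attributes and the sample message are constructed for illustration, and the device list is the standard set of reserved DOS names (the page itself names only CON, COM and NUL).

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Reserved DOS device names; an extension does not change the meaning,
# so "con.txt" still names the CON device.
DEVICE_RE = re.compile(r"^(con|prn|aux|nul|clock\$|com[1-9]|lpt[1-9])$", re.I)

def device_components(path):
    """Return the components of a path or URL that name a DOS device."""
    path = unquote(path)                                  # undo %xx escapes
    path = re.sub(r"^[a-z]+:/+", "", path, flags=re.I)    # drop file:/// or c:/
    hits = []
    for part in re.split(r"[\\/]+", path):
        stem = part.split(".")[0].strip()
        if DEVICE_RE.match(stem):
            hits.append(part)
    return hits

def is_multi_device_path(path):
    """True when a path references device names two or more times."""
    return len(device_components(path)) >= 2

class _RefCollector(HTMLParser):
    """Collects (tag, value) for attributes that make a client load a resource."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "background") and value:
                self.refs.append((tag, value))

def suspicious_refs(html):
    """Return the references in an HTML body that should be stripped or quarantined."""
    collector = _RefCollector()
    collector.feed(html)
    collector.close()
    return [(tag, v) for tag, v in collector.refs if is_multi_device_path(v)]

# Constructed sample message body, not taken from a real e-mail.
SAMPLE = r'''<html><body>
<img src="logo.gif">
<img src="file:///c:/nul/nul">
<a href="C:\CON\con.txt">report</a>
<a href="http://example.com/console/nul.html">ok</a>
</body></html>'''
```

The same `is_multi_device_path` check can be applied to the path argument of an FTP command before the server passes it to the file system.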
Microsoft has a patch available
Microsoft has released a patch which eliminates this vulnerability. We strongly advise users of Windows 95 and Windows 98 to install this patch.
More information about this vulnerability is available from these links:
- Microsoft's Security Bulletin MS00-017 (which includes links to the patches)
- Microsoft's Frequently Asked Questions regarding this vulnerability
Microsoft has also announced that the issue will be addressed as a Knowledge Base article with reference No Q256015. This was not available when this Security Information was written.
Users of Windows NT and Windows 2000 are not affected by this vulnerability.
Per Olav Førland
