HomeFairfax General ForumArrest/Ticket SearchWiki newPictures/VideosChatArticlesLinksAbout
Off-Topic :  Fairfax Underground fairfax underground logo
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
17-year-old Microsoft flaw affects Windows 7
Posted by: eesh ()
Date: January 27, 2010 03:20AM

A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.



http://community.zdnet.co.uk/blog/0,1000000567,10014900o-2000331828b,00.htm?s_cid=259&tag=content;col1

http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html


"Microsoft isn't having an easy time of it these days," said the Heise article. "In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7."



.

Blessed are the murderous.
Attachments:
facepalm.jpg

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Muh Dick! ()
Date: January 27, 2010 03:35AM

Muh Dick!

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: huhhhhhu ()
Date: January 27, 2010 03:39AM

Muh Dick! Wrote:
-------------------------------------------------------
> Muh Dick!
Attachments:
bliss2.jpg

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: boredom ()
Date: January 27, 2010 05:14AM

The flaw is in part of the system used to support 16-bit applications. When was the last time you tried running one of those? You have to go out of your way to do that, and it's not exactly exploitable. =P

There is a very easy workaround and in any event, fixed inside of 7 days.

If people have to look for security holes in software used to support 16 bit applications, software that hasn't been touched in over a decade, that's a pretty good indication that the Windows 7 development team has done a solid job of locking down the OS.



Edited 1 time(s). Last edit at 01/27/2010 05:16AM by boredom.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: ski ()
Date: January 27, 2010 06:10AM

So my system is vulnerable if I try to run SkiFree?

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: jhey ()
Date: January 27, 2010 08:02AM

If you're attempting to run Windows 7 on a 32-bit processor, you deserve to have your PC pwned.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: SomeGuy ()
Date: January 27, 2010 09:03AM

There is also another critical flaw that has plagued every MS operation system.. from Dos to Win7. It's the user. Someone needs to upgrade/patch most of them too.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: deez nutz ()
Date: January 27, 2010 11:07AM

Not a fan of Microsoft, but:

Is it the case or not that if the hacker community attacked other OS (Mac, Linux) with the vigor and persistence with which they attack Microsoft, those other OS would likely be exposed as having as many vulnerabilities and security flaws?

Same question re browsers - Explorer vs. Firefox, etc.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Wired ()
Date: January 27, 2010 12:06PM

deez nutz Wrote:
-------------------------------------------------------
> Not a fan of Microsoft, but:
>
> Is it the case or not that if the hacker community
> attacked other OS (Mac, Linux) with the vigor and
> persistence with which they attack Microsoft,
> those other OS would likely be exposed as having
> as many vulnerabilities and security flaws?

Yes.

>
> Same question re browsers - Explorer vs. Firefox,
> etc.

Same answer.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Gravis ()
Date: January 27, 2010 10:12PM

deez nutz Wrote:
-------------------------------------------------------
> Is it the case or not that if the hacker community
> attacked other OS (Mac, Linux) with the vigor and
> persistence with which they attack Microsoft,
> those other OS would likely be exposed as having
> as many vulnerabilities and security flaws?

the majority of internet servers run Linux with Apache, just like fairfax underground. the servers that get hacked are either poorly configured, get hit with an SQL injection (which is the fault of the webpage itself) or on occasion hacked through bugs in apache (especially when people dont apply patches). therefore, linux is already under a lot of scrutiny by hackers. OSX already has been exploited a few time and there are OSX zombies out there.


> Same question re browsers - Explorer vs. Firefox,
> etc.


firefox has a third of the global market and in some countries the majority of the market. there have been a few exploits "in the wild" but they get patched in hours, not days, weeks, months or years.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: deez nutz ()
Date: January 27, 2010 10:55PM

Thanks, G.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: ThePackLeader ()
Date: January 28, 2010 01:27AM

Yay for 64-bit, woohoo!

==================================================================================================
"And if any women or children get their legs torn off, or faces caved in, well, it's tough shit for them." -2LT. Bert Stiles, 505th, 339th (On Berlin Bombardier Mission, 1944).

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Lurker. ()
Date: January 28, 2010 03:29AM

Please Please Please stopping using source from a US company that can be accountable for the code. Go to a website and download "open source." As long as it says "free open source" download it and use it. LMAO

What country is open source created in? China? Iran? Pakistan? Ok... it doesn't matter.. it's free... free code,, I mean open source is better... Of course As long as there is a website that says this code was reviewed k-coder and latest update by Ali confirmed Long John Silver we should all download this code now to version 2.3.

Why would any good hacker spend time hacking the latest open source system when they could hack windows. Are there holes in Windows code... yes, but not even close to open source. A good admin will block all ports and knows how to limit to certain IP's.



Edited 2 time(s). Last edit at 01/28/2010 03:31AM by Lurker..

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Gravis ()
Date: January 28, 2010 08:23PM

Lurker. Wrote:
-------------------------------------------------------
> Please Please Please stopping using source from a
> US company that can be accountable for the code.

when has microsoft been held accountable for anything?!


> What country is open source created in? China?
> Iran? Pakistan? Ok... it doesn't matter.. it's
> free...


i hope you realize that microsoft outsources the majority of it's programming. linux is reviewed by the NSA to make sure it's safe for them and others to use.


> Why would any good hacker spend time hacking the
> latest open source system when they could hack
> windows.


exactly, there are far more exploitable holes in microsoft products that are left gaping for months and years.


> Are there holes in Windows code... yes,
> but not even close to open source.


that must explain why the majority of servers are apache linux and the majority of compromised servers are windows. oh wait, that's backwards.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Lurker. ()
Date: January 29, 2010 10:28AM

The NSA may have reviewed Linux, but the Linux servers in use are not "general install Linux" servers. The majority of government servers are windows. Microsoft servers are certified by the NSA and recommended. Top secret projects require all software to be from US companies.



Edited 1 time(s). Last edit at 01/29/2010 10:29AM by Lurker..

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Gravis ()
Date: January 29, 2010 07:18PM

Lurker. Wrote:
-------------------------------------------------------
> The NSA may have reviewed Linux, but the Linux
> servers in use are not "general install Linux"
> servers.


the kernel and the basic tools (Linux Standard Base) is what is important because that is how privileges become escalated and you system gets compromized. if you are referring to the desktop environments, those are supported by companies like Red Hat and Novell. as for browsers, both Mozilla (for all there apps) and Google for Chrome/Chromium and their "OS" payout money to anyone who can find security flaws. widely used apps like firefox, chrome, evolution (replaces Outlook), open office (replaces MS Office Suite), Pidgin (previously called GAIM) (replaces MSN Messenger) have a hell of a better track records for bugs and security than their microsoft counterparts. hackers arent out to exploit uncommon client-side applications, so tell me, how am i at higher risk than using microsoft and other closed source products?


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Gravis ()
Date: February 01, 2010 09:19PM

Lurker. Wrote:
-------------------------------------------------------
> Please Please Please stopping using source from a
> US company that can be accountable for the code.
> Go to a website and download "open source." As
> long as it says "free open source" download it and
> use it. LMAO



btw, you use IceChat for an IRC client which btw is opensource. :)

explain yourself! oh yeah, and im h4x1ng you naow b cuz iz soooo e z!


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: boredom ()
Date: February 01, 2010 10:02PM

Gravis Wrote:
-------------------------------------------------------
> Lurker. Wrote:
> --------------------------------------------------
> -----
> > The NSA may have reviewed Linux, but the Linux
> > servers in use are not "general install Linux"
> > servers.
>
> the kernel and the basic tools (Linux Standard
> Base) is what is important because that is how
> privileges become escalated and you system gets
> compromized. if you are referring to the desktop
> environments, those are supported by companies
> like Red Hat and Novell. as for browsers, both
> Mozilla (for all there apps) and Google for
> Chrome/Chromium and their "OS" payout money to
> anyone who can find security flaws. widely used
> apps like firefox, chrome, evolution (replaces
> Outlook), open office (replaces MS Office Suite),
> Pidgin (previously called GAIM) (replaces MSN
> Messenger) have a hell of a better track records
> for bugs and security than their microsoft
> counterparts. hackers arent out to exploit
> uncommon client-side applications, so tell me, how
> am i at higher risk than using microsoft and other
> closed source products?

Untrue. You evidently haven't been paying attention to most vulnerabilities. Usually, not always, but usually, the attack vector is through a 3rd party piece of software which, by definition, wouldn't be part of the kernel or basic tools.

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Gravis ()
Date: February 01, 2010 10:56PM

boredom Wrote:
-------------------------------------------------------
> You evidently haven't been paying
> attention to most vulnerabilities. Usually, not
> always, but usually, the attack vector is through
> a 3rd party piece of software which, by
> definition, wouldn't be part of the kernel or
> basic tools.


where are you getting this information?


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: 17-year-old Microsoft flaw affects Windows 7
Posted by: Registered Voter ()
Date: February 01, 2010 11:15PM

Yeah, I have to say that normally the hacks are NOT via 3rd party software AFAIK. There are times that 3rd party software has been the culprit in new holes, but the majority of holes are based off kernel and OS applications. For instance the early linux hacks extensively used buffer overruns to create packages that would then be fed to the print routine. There were dozens, if not hundreds, of buffer overrun exploits available in the early linux implementations. While 3rd party software offers new avenues, they require someone to actually install them for the problem to manifest.

If you can’t model the past, where you know the answer pretty well, how can you model the future? - William Happer Cyrus Fogg Brackett Professor of Physics Princeton University

Options: ReplyQuote


Your Name: 
Your Email (Optional): 
Subject: 
Attach a file
  • No file can be larger than 75 MB
  • All files together cannot be larger than 300 MB
  • 30 more file(s) can be attached to this message
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically.
 **          ******    **     **  **     **  **     ** 
 **    **   **    **   ***   ***  **     **  **     ** 
 **    **   **         **** ****  **     **  **     ** 
 **    **   **   ****  ** *** **  **     **  **     ** 
 *********  **    **   **     **  **     **   **   **  
       **   **    **   **     **  **     **    ** **   
       **    ******    **     **   *******      ***    
This forum powered by Phorum.