Be on the wave or under it
Fake Microsoft Security Advisory
Title: Ongoing Compromises of the Windows Operating Environment
Date: 20 August 2003
Software:
- Microsoft Windows 3.1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows SE
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 Server
- Microsoft Windows XP
- Microsoft Windows Server 2003
Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS02-0401 (REVISED)
Microsoft encourages customers to review
Security Information at: http://www.microsoft.com/security
on a regular basis, and subscribe to CERT/CC bulletins at http://www.cert.org.
-----------------------------------------------------------------
Issue:
=====
Microsoft Windows is a collection of software
components that enable users to experience the Internet. All components
share a common series of interfaces that taken together comprise the Windows
Operating Environment.
- By default, Internet Explorer is enabled on all systems
running Microsoft Windows. (It should be noted that there are substantial
issues with Internet Explorer reported; users should consult the Microsoft
Security Resource Center to obtain the appropriate patches.)
- Insecure scripting languages such as VBScripting are used
throughout the Microsoft Windows Operating Environment and included in
many Microsoft applications such as Microsoft Office. Users have reported
that it is difficult, if not impossible, to completely remove such scripting
features even though they are proven to be regularly exploitable, thus
making it likely they will be subject to repeated exploitation.
- Microsoft products often integrate with the operating system
internals, meaning that by installing new software, particularly from
Microsoft, the operating system may become modified and thus provide an
opportunity to introduce new vulnerabilities or exploit trusted relationships
within the Windows Operating Environment. As such, many applications are
difficult to uninstall completely from a computer since they may be serving
as patches to the underlying operating system.
- Improper software development has facilitated repeated
security incidents resulting in the loss of customer information, e-mail
addresses, system downtime, and customer productivity in environments
based on the Microsoft Windows Operating Environment. User misconfiguration
is also a factor.
- Microsoft products are often rushed to market without a
thorough check of the software quality. Buffer overflows are one result
of this issue, and after several years of high-profile incidents, continue
to impact the technology community instead of being fixed once and for
all. Microsoft notes that it frequently releases patches to existing patches
and believes this is the best way for users to stay protected given Microsoft's
current software development and business practices.
- Due to the frequency of patches and critical fixes being
released to the user community, it's quite likely that many network administrators
are hesitant to install such patches, since the cure may be worse than
the original problem, or even create new ones, as evidenced by issues
arising from several Windows Service Packs over the years.
- Despite advances in marketing a concept of "Trustworthy
Computing" it is unlikely that there will be any single solution
to remedy the many issues associated with the security and stability of
Microsoft products.

Microsoft prides itself on innovation and
consistency in developing new and exciting software products. Over the
years, customers have come to expect this as a hallmark of how Microsoft
does business. The fact that each new security incident resulting from
Microsoft products presents a higher degree of danger to the Internet
community is one example of our ability to produce software products in
a consistent manner with regard to quality assurance, reliability, and
security. We reiterate our pledge to provide software products with a
consistent level of quality to our customers worldwide.
Mitigating Factors:
====================
- For an attack against Microsoft Operating Environment to
be successful, the user/victim must be running an exploitable version
of Microsoft Windows.
- Microsoft Windows systems operating in closed network environments
stand a somewhat higher chance of survivability when new security incidents
regarding Microsoft products are reported than other, more exposed systems.
Systems that are not connected to a network are most secure from such
network-based exploits.
Risk Rating:
============
- Important
Patch Availability:
===================
- No patches are available to fix this
vulnerability. However, there are three technical actions for users to
take to increase their level of operating system and information security:
(1) Boot the affected computer
from a floppy disk.
(2) At the command prompt,
type "format c: /sys." For more severely-damaged systems, run
the FDISK command. (Visit http://fdisk.radified.com/
for information on this Microsoft-produced disk utility.)
(3) Once complete, decide
on what non-Microsoft operating system you would like to use instead.
Some suggested ones are Linux and Mac OSX. (Note that users will need
new hardware to take full advantage of Mac OSX.) Users are strongly advised
to avoid anything with the words "SCO" or "UnixWare"
in it, as these words represent a company that's almost as greedy and
evil as we are at Microsoft.
This Advisory supersedes Microsoft Security
Bulletin MS02-0401 "Local User Actions May Provide Unauthorized Remote
Access" dated 1 April 2002. This Bulletin may be found at http://www.infowarrior.org/articles/2002-04.html.
Acknowledgment:
===============
Microsoft thanks Richard Forno for reporting
this issue to us and for working with us to help protect customers. Richard
Forno (www.infowarrior.org)
thanks the internet community for recognizing a belated (but quite truthful)
April Fools' joke when they see it. :) He further thanks Microsoft for
producing products that not only keep him and his friends employed as
IT and security professionals but continue to pollute the Internet and
adversely impact on people not even running Windows.
Thanks a bunch, guys.
----------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT
KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT
APPLY. MICROSOFT HAS NO KNOWLEDGE OF THIS APRIL FOOLS SATIRE AND HAS NOT
ENDORSED IT, NOR DID THIS 'SECURITY BULLETIN' ORIGINATE FROM ANY MICROSOFT
OFFICE. IT'S A SATIRE -- SO READ IT, LAUGH, AND HOPEFULLY LEARN FROM IT.
:) MICROSOFT IS A TRADEMARK OF MICROSOFT CORP.