Virtual computing expert 2X Software has identified one of the biggest security vulnerabilities in the Windows OS for many years.
Any PCs and servers running anything from the latest Windows 7/Server 2008 versions down to Windows 2000/Server 2003 are affected – they can be crashed just by running some simple code, which has major implications for Denial of Service attacks.
Microsoft has already been informed.
This means tens of millions of home and business PCs and servers across the globe are potentially at risk.
One of 2X Software’s bespoke testing tools uncovered the critical error in the Windows operating system resulting in a blue screen and system reboot.
Testing this 10-year-old bug showed that the following operating systems are all affected: Windows 2000, Windows XP (and XP Embedded), Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2.
The code needed to crash the system is very easy to develop and perfectly legal, with no ‘tricks’ or unusual techniques being required.
With just a few lines of code an application can be created that will crash the whole Windows system.
This flaw can be easily used inside malicious applications to generate a Denial of Service attack.
The problem can be easily corrected within the OS code by validating the arguments passed to the API.
Paul Gafa, CTO of 2X Software, says: “This is a major problem with potentially tens of millions of devices at risk. Such a vulnerability leaves users open to Denial of Service attacks which can be devastating – imagine your company servers and PCs being restarted remotely every few minutes.
“As it affects all the latest versions of the operating system, I expect Microsoft to patch it very quickly. They have already been informed.”
As the crash vulnerability needs some code to run, users are at risk when running an application, script, or ActiveX control.
As with all malicious code, the best way to avoid problems is not to run any applications from unknown sources, avoid websites of unreliable content, configure your web browser to the safest settings, and arm yourself with an updating virus scanner.
Businesses running Thin Client architecture that use other operating systems, such as 2X, are unaffected.
However, the Windows-based server side will have the same crash vulnerability (i.e. terminal server or VDI guest operating system).
The vulnerability appears to have been introduced during the development of the Windows 2000 Operating System (as Windows NT 4.0 is unaffected) and so is around 10 years old.
It is also present on 64-bit versions of the Operating System (Windows 2008 was tested).
Configuring the user as a limited account without administrator rights has no effect; the problem persists.
As per the screenshot, the crash occurs in the win32k.sys module.
Server-based Computing and Virtual Desktop Infrastructure inherently provide a more secure environment for enterprises.
Running hosted applications and desktops, with the necessary administrative precautions in place, will result in such attacks being less harmful as the local OS is not located where the application is running (and where the data is stored).
Furthermore, such centralised environments are less likely to suffer from attacks where trojans are used, as servers are normally closely monitored.
SOURCE: http://www.securitywatch.co.uk