Researcher: Windows flaw remains

Saturday, Jul. 12, 2003 - Dubbed "shatter" attacks by the original
discoverer, the class of security hacks uses the Windows messaging system
to request that insecure but privileged applications run malicious code.

The Windows messaging system is the medium through which applications and
the Windows operating system communicate with each other.

Oliver Lavery, an independent researcher and author of a paper published by
security consultancy iDefense on Friday, said that Microsoft fixed the
original flaw found but left the basic messaging system untouched.

Applications that run with system privileges but don't follow Microsoft's
recommended security practices allow the vulnerability to be exploited.

"I think the point that many people have missed in the past is that this is
not a single attack, it's a type of attack," Mr. Lavery wrote in an e-mail
interview.

"Taken alone each instance of a shatter attack is a problem, but not a
critical one. The fact that this type of hole is present in many
applications, including parts of Windows itself, makes the problem much
more serious."

Because the vulnerability requires that a user on the system run the attack
code, many people dismissed the attack as unimportant when a researcher
released two papers on the issue last year.

No wonder: The vast majority of home users have full administrator rights
on their PCs, so an attack that only elevates privileges gains an attacker
nothing on those machines.

However, many corporations only allow employees to have limited user
accounts, while kiosks, libraries and Internet cafes usually don't allow
users to modify the system.

Such situations are where privilege-escalation attacks are most dangerous,
Mr. Lavery said.

"With modern Windows versions, a normal user account isn't permitted to,
say, format the drives in a computer; this sort of function should be
restricted to administrators," he said in the e-mail.

"Shatter attacks allow this restriction to be circumvented, so a hostile
program which exploits a shatter vulnerability can do far more damage than
one that does not."

Chris Paget, a security researcher, originally wrote about the "shatter"
privilege escalation attacks last fall.

"The root cause of the problem is that any application can send any message
to any other application on the same desktop," said Mr. Paget, now a senior
security consultant with Next-Generation Security Software.

"When the target application receives a message, it has no way of
discerning whether the message was sent to it by the system or by another
process."

However, the direness of his warnings and the fact that several errors were
found with some of his claims led many people to debate the importance of
the research.

Microsoft's initial dismissal of the paper reinforced that.

The software giant discounted the threat because an attacker would require
"unrestricted physical access to your computer" to use the exploit, the
company argued in a statement sent to CNET News.com last year.

Microsoft's tune changed a few months later.

In December, the company issued a patch that fixed the instance of the
problem that Mr. Paget had identified.

On Wednesday, Microsoft corrected another instance of the vulnerability
when it closed a hole in the Utility Manager, which was included in Windows
2000 to handle accessibility options for PCs.

Ian Mulholland, security program manager for the Microsoft Security
Response Center, said that the software giant had needed time to
investigate the issue before it realized the danger.

Moreover, Mr. Mulholland said that application makers that follow
Microsoft's security guidelines would not have vulnerable applications.

The company has long recommended that software makers not use the messaging
system for highly privileged applications.

At least a handful of developers still haven't adopted this basic measure
of protection.
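As an added example (not code from the article, from iDefense or from Microsoft), the following PowerShell script audits the condition Mr. Paget describes from the defender's side: it lists the visible windows on the current desktop whose owning process runs under a different account than the logged-on user, since those are the only windows a lower-privileged process could message across a privilege boundary. It assumes Windows PowerShell 5.1 or later and an elevated prompt so that Get-Process -IncludeUserName can read every process's owner.

```powershell
# Added audit script; it is not code from the article, iDefense or Microsoft.
# Assumes Windows PowerShell 5.1+ run elevated so every process owner is readable.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
using System.Text;
public static class Win32 {
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")]
    public static extern bool EnumWindows(EnumWindowsProc cb, IntPtr lParam);
    [DllImport("user32.dll")]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);
    [DllImport("user32.dll")]
    public static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetWindowText(IntPtr hWnd, StringBuilder buf, int max);
}
"@

# The interactive user; a window owned by any other account crosses a privilege boundary.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# PID -> owning account, so each top-level window can be attributed to a token.
$ownerOf = @{}
Get-Process -IncludeUserName | ForEach-Object { $ownerOf[[uint32]$_.Id] = $_.UserName }

$findings = New-Object System.Collections.ArrayList
$callback = [Win32+EnumWindowsProc]{
    param([IntPtr]$hWnd, [IntPtr]$lParam)
    if ([Win32]::IsWindowVisible($hWnd)) {
        $ownerPid = [uint32]0
        [void][Win32]::GetWindowThreadProcessId($hWnd, [ref]$ownerPid)
        $account = $ownerOf[$ownerPid]
        if ($account -and $account -ne $me) {
            $title = New-Object System.Text.StringBuilder 256
            [void][Win32]::GetWindowText($hWnd, $title, $title.Capacity)
            [void]$findings.Add([pscustomobject]@{
                Handle  = ('0x{0:X}' -f $hWnd.ToInt64()); PID = $ownerPid
                Account = $account; Title = $title.ToString() })
        }
    }
    return $true   # keep enumerating
}
[void][Win32]::EnumWindows($callback, [IntPtr]::Zero)

# Each row is a window on this desktop owned by a different account than the
# logged-on user: the message-target condition a shatter attack depends on.
$findings | Sort-Object Account | Format-Table -AutoSize
```

On Windows Vista and later, session 0 isolation keeps service windows off the interactive desktop and UIPI blocks most messages from lower-integrity senders, so the list is normally empty. A non-empty result points at an interactive component running under another account, which is exactly what the Utility Manager case above was.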

"We published a Knowledge Base article on this back in 1994 - that
recommendation well predates this instance," he said.

"At the end of the day, we can make the recommendations, but if people
choose to do otherwise, we can't force them."

Researcher Lavery said he understands the problems in fixing the flaw.

The solution would require an extensive rewrite of vulnerable applications.

In his paper, Mr. Lavery suggests a temporary solution, but it's likely
that the issue will remain until all software makers improve the security
of their code, he said.

"The fact that numerous applications are written in a manner that is
vulnerable to message-based attacks is not due to a fundamental flaw in
Windows," he wrote.

"The flaw lies in the way programmers are writing software that runs on it."

By ROBERT LEMOS
CNET News.com
POSTED AT 6:48 PM EDT
http://www.globetechnology.com/
