ChatDD Blog

Microsoft issued an advisory on Monday about a security issue that could leave many Windows applications vulnerable to attack.

The advisory deals with a type of attack mechanism known as DLL preloading, or binary planting. Although the attack mechanism is not new or entirely unique to Windows, Microsoft acknowledged that there appears to be a new remote-attack vector that could allow more systems to be attacked quickly.

Two researchers at the University of California at Davis published a paper earlier this year on how programs that were vulnerable could be automatically detected. In recent days, security expert and Metasploit creator HD Moore published more information about this issue and is adding the vulnerability to his Metasploit program.

Moore said he did so in an effort to both make customers aware and encourage vendors to patch their applications, and he noted that he opted not to publicly list all the affected programs, though he did release a tool that helps users uncover which of their software could be vulnerable.

“As a compromise between releasing the full list of affected products and not saying anything at all, I decided to push a generic exploit module to the Metasploit Framework and release an audit kit that can be used to identify affected applications on a particular system,” Moore said in a blog post.” The audit kit should make it easier for other folks to identify vulnerable applications and hopefully have them addressed by the vendor.”

The existence of such proof-of-concept code makes it likely that an attack could appear in the wild soon, according to Joshua Talbot, a senior intelligence manager for Symantec security response. “Attackers then look at that and try to adapt it for their own uses,” he said.

Last Thursday, security research firm Acros Security warned that iTunes was vulnerable to such an attack. However, Moore and others point out that the vulnerability appears to affect far more than just iTunes, with potentially dozens of Windows programs similarly open to attack.

In the past, such attacks have required a malicious library to be implanted onto a local system. However, new research shows how the malicious code could also be planted on a network share, potentially making it much easier to attack vulnerable systems.

In its advisory on Monday, Microsoft said it has also issued guidance to developers on how to avoid the vulnerability and that it is checking its own code to see if any Microsoft products are at risk.

“We are currently conducting a thorough investigation into how this new vector may affect Microsoft products,” Microsoft said in a blog post.

Microsoft said it has also released a software tool that “allows system administrators to mitigate the risk of the vulnerability in question by altering the library-loading behavior for the operating system or for specific applications.”

Attacks using such libraries have been growing, as Windows and other operating systems have become more hardened to attacks that exploit memory corruption flaws, Talbot said.

Talbot recommended that users look at a mitigation suggested by Microsoft that involves changing a registry key setting so that libraries cannot be loaded over a network. Talbot also suggested that users take other steps, such as being cautious when clicking links or visiting unknown sites and also to make sure that their antivirus software is up-to-date.

Current antivirus software won’t necessarily stop a vulnerability from being exploited, Talbot said, but the software can sometimes detect the payloads that an attacker might try to install on a vulnerable system.

Bill Gates ain’t the richest man of the world anymore.

Carlos Slim Helu takes No. 1 spot on Forbes World’s Billionaires List.

1) Carlos Slim Helu

Net Worth: $53.5 billion

Source: Telecom

Residence: Mexico

• Telecom tycoon who pounced on privatization of Mexico’s national telephone company in the 1990s becomes world’s richest person for first time after coming in third place last year. Net worth up $18.5 billion in a year.

2) Bill Gates

Net Worth: $53 billion

Source: Microsoft

Residence: U.S.

• Software visionary is now the world’s second-richest man. Net worth still up $13 billion in a year as Microsoft shares rose 50% in 12 months, value of investment vehicle Cascade swelled.

In an attempt to boost sales of its most recent operating system (Windows Vista), Microsoft yesterday ceased sales of Windows XP, their previous operating system.
The popular operating system will still be sold separately until June 2010, but major computer manufacturers can no longer buy it for installation on new computers. Smaller companies, however, will be allowed to sell it installed until the retail date expires.

The decision was made much to the dismay of many loyal Windows fans, who claim that Windows XP is far superior. XP was originally scheduled to stop sales earlier this year on Jan. 31, but increased demand persuaded them to push the date back five months.
Users who want XP on their future computers will have to purchase XP separately and legally “downgrade” to their preferred software of choice. This may entail the purchase of both programs.
Windows Vista Ultimate currently costs upwards of $300.00 when bought off of the Microsoft Web site, and can run anywhere from $200.00 to $350.00 when bought form a different vender. By comparison, Windows XP can cost between $135.00 and $250.00 when bought form other venders.
The presence of compatibility issues creates a problem for businesses that have networks based on the XP format. Upgrading may generate more problems with the network than it will benefits.
Microsoft boasts that Vista has an updated security system, improved searching features, and a flashy new interface called “Aero.”
Many users complain that the operating system requires too much RAM, the amount of memory a computer recall at random, creating bugs and slowing down operating speed. For lap top users this decreases battery life significantly, although this can be fixed by switching from Aero to an older interface.
A “Save XP” petition, which has recently been submitted to Microsoft, on popular computer Web site Infoworld has garnered more than 210,000 signatures from users who don’t want to have to buy Vista on their next computer. Read more…

One Laptop Per Child XO laptop were in talks with Microsoft to integrate the Windows XP operating system. Recently, Microsoft planned to start working on a version of Windows XP for the OLPC XO laptop, with its limited trials, which is expected to be out in January.

Non-profit Foundation OLPCs XO laptop that has been created for developing countries is already shipping in few countries with a Linux Operating system. However, the low-cost flash-based computing device will get formal design guidelines from Microsoft on Windows XP support by mid-2008. This designing machine is expected to deliver a high-quality Windows experience.

Developed to provide education, fostering local innovation, and enabling jobs and opportunity, versions of the XO PC running Windows wont be available in the U.S. or Canada.

Microsoft aims to provide a high-quality Windows experience on the XO device; if this is achieved, then Windows XP for the XO could be available as early as the second half of 2008. And the Government looking forward to buy the One Laptop Per Child XO laptop, needs to consult Microsoft regarding the possible Windows XP availability date, pricing and support policies.