New Critical Bug In All Current Windows Versions

Trailrunner7 writes "Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008. Microsoft issued an advisory about the MHTML vulnerability, which has been discussed among security researchers in recent days. There is some exploit code available for the bug, as well. In addition to the advisory, Microsoft has released a FixIt tool, which helps mitigate attacks against the vulnerability in Windows."

Knowledge Base containing Fixit Link

[Nuisance]

Would be nice to have seen these in the article...

http://support.microsoft.com/kb/2501696 [microsoft.com]

Re:Knowledge Base containing Fixit Link

[icebike]

Perhaps also useful would be a hint that simply avoiding Internet Explorer would provide all the protection from this bug that is needed.

Re:

[santiagodraco]

No kidding. But hey, Microsoft just wants liability protection. They don't give a shit about actually giving users the data they need to protect themselves if it means tarnishing their image.

They know you can't replace Windows, but you can easily replace IE, hence it's a "Windows" problem.

Re:Knowledge Base containing Fixit Link

[TheLink]

Uh that's all the data most of their users need. Most of their users want a simple "FixIt" (that's how they often get into trouble in the first place, but that's not MS's fault). Most of these users aren't going to even know about this problem though. They'll only get a fix if MS ever releases it in a Windows Update and they have Windows Updates enabled.

As for the rest of the users who actually care to know more: https://www.microsoft.com/technet/security/advisory/2501696.mspx [microsoft.com]
The very few who are that interested can find out even more details themselves.

So it's inaccurate to say MS doesn't give a shit about this problem.

Re:

[fragMasterFlash]

What about Outlook? Can this exploit be triggered by code embedded in an email?

Re:

[ais523]

According to Microsoft's security advisory, you can trigger the bug like that but Outlook's security settings are too locked down for it to actually be exploitable there.

Re:

[lul_wat]

Use Thunderbird instead?

Re:

[Tenebrousedge]

Hidave, it sounds like you have some PEBKAC issues. It is recommended that you wipe your system with a liveCD and start from scratch (installing windows, then office etc). Assuming the data on your discs are still intact, this should return you to a working state. Otherwise, download a new windows ISO and go from there. Your system will probably be pwned thirty seconds after you connect it to the internet, so delay that step until your system has its bum-cover (AV) on.

You have learned why backups are impor

Re:

[CastrTroy]

I can't think of any serious browser that uses the IE rendering engine. Firefox, Opera, Chrome, and Safari all use their own rendering engines. That covers 99.999% of all browsers in use.

Re:

[parlancex]

Many applications that display embedded HTML would be at risk. Those applications include Steam, MSN Messenger and others, etc.

Re:

[EvilIdler]

Steam uses WebKit now, so no problem there. MS products are of course always at risk while there are vulnerabilities in the IE engine.

Re:

[Zuato]

The major third party browsers do not : Firefox, Chrome, Opera.

Outlook, Outlook Express, and Windows Live mail are also impacted by this unless you have IE locked down tighter than most users would have.

Re:

[weicco]

Heh. I'm a flamebait by simply changing one product to another. But to be honest, I was expecting such moderation much earlier :)

Investing

[cosm]

Can I just say that now is probably a good time to invest in the tech industry. Since /. has redesigned the site, I believe productivity levels in the industry will be on the rise due to the number of commenters leaving in droves.

Re:Investing

[Anonymous Coward]

I'd mod you up but moderation is broken on opera

Re:Investing

[artor3]

And I'd mod you down, but doing so would make my post (and all other child posts) invisible as well. Heck, since you posted as AC, odds are no one will ever know this post was here.

Re:

[migla]

And I'd mod you sideways if there was that option and if I could see any plusses and/or minuses on the metamod page, so that I could metamod and maybe get some modpoints.

Re:

[Securityemo]

On the other hand, just making all posts above -1 visible and plowing on through seems easier now. That's what I'm doing ATM anyway.

Re:

[Antisyzygy]

I'd mod you down for using Opera, but ator3 already mentioned why I can't.

Re:

[WrongSizeGlass]

Now inline commenting and moderation is fucked up, All they want to do is create a site for "people that use Safari browser".

I see they finally got my letters! Yay Slashdot!

Re:

[rudy_wayne]

Why mod me down for Using Opera? It was the ONLY browser in which /. could render properly before the redesign fuck up.

Now inline commenting and moderation is fucked up, All they want to do is create a site for "people that use Safari browser".

Slashdot is death, suck it

Every since the "new design" displaying posts has been fucked up. In Firefox, my normal browser, a small bit of the far left of each post is cut off. Ironically, I decided to try Internet Explorer (v8) and I am writing this reply in IE which displays the "new" Slashdot better than Firefox.

How interesting.

Re:

[HJED]

Work fine (if not faster) for me in FF on Ubuntu.

Re:Investing

[DAldredge]

I would mod you up but /. hasn't given me mod points for 3 or 4 years.

Re:

[ColdWetDog]

Hang in there Anitsyzgy - I was in the same place then last week - poof - mod points. All week. Now you get 10 of the stupid things.

Kinda like dingleberies - they hang around and are hard to get rid of. You're probably doing better posting than moderating anyway.

Re:

[EvilIdler]

For the past year and a half I've been getting mod points as soon as the previous bunch expired. It's bordering on annoying :)

Re:Investing

[Mr. DOS]

Sorry, but the 10 mod points is because you've been singled out [slashdot.org] (check the question “Why do I have 10 moderator points instead of the usual 5?” under Comments and Moderation), not because of the new design.

Re:Investing

[ikkonoishi]

I must be a moderating god because I get mine in chunks of 15. O_o

Yes. The power! Its going to my head. I am the mod god! Its me!

Re:

[Sponge Bath]

./ needs an online FPS called Mod Arena where people with mod points can wager them in virtual combat. The winners can then sculpt discussions in their own Mod God self image. For instance you could mod up all posts about Lord of the Rings as "+1 Super Cheetos Cool" and mod down all Star Wars posts as "-1 Decaying Franchise".

Oh, yeah. To stay on topic: Windows has security problems.

Re:

[ColdWetDog]

Two moderators enter! One moderator leaves!

Re:

[Securityemo]

So do I, actually. I wonder what the actual statistics are for mod point allocation?

Re:

[Maow]

I'd mod you up but moderation is broken on opera

I'd mod him up, but reading is broken on Firefox.

Re:

[Linker3000]

I'd mod up too, but I am not here any more. Seriously, any change takes a while to get used to, but the new site design is an epic fail of Digg proportions. I have now added an RSS feed to /. on my phone and that's pretty much as far as I get with /. now.

Re:

[Zelgadiss]

I quite like the new site actually, it's clean and seems less buggy then the old one.

While it had some bugs when it was release, most of them appear to have been fixed.

The only issues I have with it is the mobile version, text is too small, and quite a few rendering glitches (over-lapping text, title of top post getting clipped).

Re:

[dave562]

I would reply to this, but if you were to reply back to me, I would have to drill down through a whole slew of posts to find what you wrote. Where as previously I could just go to http://slashdot.org/~dave562/comments [slashdot.org] and then click on the comment you replied to. It would bring up a nice, EXPANDED tree view of the discussion thread.

One step forward, two steps back? Ah hell, who am I kidding. We all know that three steps were taken, but they were all in the same direction.

Re:

[Cthefuture]

Is it just me or does the front page not show the number of comments any more? I really liked that and now it feels weird.

Any way to turn it back on?

Re:

[Anonymous Coward]

I liked that too.

I also liked the ability to do basic slashdot stuff WITHOUT HAVING TO FUCKING ENABLE JAVASCRIPT!

Re:

[Anonymous Coward]

People leaving in droves affects comment numbers. Best not to advertise it on the front page :)

Re:Investing

[uvajed_ekil]

You're right, I'm not seeing the number of comments, either. I liked having it - I knew instantly if there was a big buzz about something, or if taking time to throw in my two cents might matter for a stalled thread.

Re:

[Rick17JJ]

As I am typing this, it says there have only been 92 comments, so far. I have been wondering where all the comments and replies went. Do I just did not know how properly use the new version of their website to see all of the comments that might possibly really be hidden somewhere there?

Even when I click on various comments, I am not usually not finding many additional replies hidden beneath that comment. I am only seeing a tiny fraction of the amount of comments and replies that I had normally been seeing o

Re:Investing

[seifried]

I think they've "pulled a Digg"

Re:

[jambarama]

Hopefully they learn somewhat from digg and redesign in a faster less buggy & controlling way.

Re:

[melikamp]

Nah. Now people will waste even more time trying to fix the bugs with Stylish hacks like these:

One-liner contrast:

#comments .oneline {background: #F5F5F5 !important;}
#comments .oneline p {color: Black !important;}
.oneline .commentBody {color: Black !important;}

Highlighting friends:

span.friend {
border-style: groove;
border-width: 2px;
background-color: #32CD32;
}

span.friend > a:link {
color: black !important;
margin-left: 1em !important;
margin-right: 1em !important;
}

Re:

[Tacvek]

Nice thanks. I actually did better than highlighting friends, and restored the original icons, while ensuring the icons still function as a link.

In case anybody finds it interesting: https://gist.github.com/801524 [github.com]
(Sorry about Gist's syntax highlighting making it hard to read, but you can click the raw link for the formatted text.)

Re:

[melikamp]

Very nice. I actually made a mistake: Black should be black. It works, but it's not kosher.

And after much cursing, I managed to kill the box on the left:

div.col_1 { display: none !important; }
section#firehose { margin-left: 0 !important; }
section#comments { margin-left: 1.5em !important; }

Re:

[nmb3000]

It's so frustrating how correct you are. I used to enjoy reading comments to a story, but now it's essentially impossible because of how BROKEN the scrolling is (at least in Firefox and IE). Scrolling using the mousewheel is slow as hell and when using the keyboard it's very unresponsive. That and the new style is hard to read and has too much whitespace. I feel like I'm staring at a lightbulb trying to read gray text.

For me this redesign has just demonstrated why I hate web 2.0. You are held hostage a

Re:

[Ephemeriis]

everyone hates it

I actually kind of like the new design.

I used to enjoy reading comments to a story, but now it's essentially impossible because of how BROKEN the scrolling is (at least in Firefox and IE). Scrolling using the mousewheel is slow as hell and when using the keyboard it's very unresponsive.

Scrolls just fine for me in Firefox 3.6.13 (which I use at home) and Firefox 4.0b10 (which I use at work) and IE7/IE8 (also used at work).

That and the new style is hard to read and has too much whitespace.

Hadn't really noticed any real change in readability.

My only real complaint would be seeing replies to my comments. Used to be the email you got provided a link directly to the reply, now you have to drill down through several layers of comments to see what was said. That's genuinely annoying. But not crippling.

Re:Investing

[lowlymarine]

Clearly it's just your horribly dated hardware. Everything's fine on my i7-2600k, time to get with the times grandpa!

Re:Investing

[Culture20]

Assuming you're using the javascripty version of Discussion2
Take a look at your process list. Your browser is eating at least one of your cores. open a few more /. windows. Feel the burn. My single core machine was dying with just one window open. I had to go back to Discussion1 and flag /. with noscript. http://slashdot.org/users.pl?op=editcomm [slashdot.org]

Re:Investing

[icebraining]

Classic version ftw. It doesn't use more than 6-7% of one core (AMD AthlonII X4 620).

Re:

[PitaBred]

While I'm running an H.264 transcode in the background (which uses 100% CPU) and still surfing Slashdot, and it is running fine. But then again, I'm using the FF4 64bit nightly build.

Re:

[DeathFromSomewhere]

Currently using 3% CPU, not once did I see it go above 10% while posting this (running various shit in the background). Chrome stable on Windows 7. Maybe it's time to upgrade?

Re:

[Culture20]

Maybe it's time to upgrade?

No, it's time for /. to fix its slashcode. Not every laptop/netbook out there has dual cores or greater yet. I didn't even try the new interface on my phone, but I have noticed that even the classic interface is slower on my phone with the new graphics, and when in horizontal aspect, the stories remain "vertical" with a big gray emptiness on the right side. /. has become severely buggy.

Re:

[MartinSchou]

Let's see. I'm running Opera 11 on OS X 10.6.6 on an iMac from 2008 (2.4 GHz Core2Duo, 2 GB RAM), and Opera is using less than 1% CPU.

Activity Monitor is consuming more space than Opera, and Slashdot isn't the only site I have open.

I'm thinking it's a very localized problem

Re:

[dbIII]

For one thing I intensely hate how the sidebar on the left obscures a few columns of article and comment text until about 4/5 of the way down the screen on firefox FFS. If they can't get it right for the current firefox on linux (and I'm assuming other platforms) then where does it work? Is this an iPad only site at the moment?

Which versions

[bvimo]

WTF is a current version of Windows? 3, 95, 98, Me, 2000, XP??

Re:

[postmortem]

WTF is a current version of Windows? 3, 95, 98, Me, 2000, XP??

Versions that are still supported actively, which are Windows XP SP3 and newer.

Re:

[bvimo]

Thank you.

Re:Which versions

[PatPending]

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems**
Windows Server 2008 R2 for Itanium-based Systems
Source: http://www.microsoft.com/technet/security/advisory/2501696.mspx [microsoft.com]
Appears to apply only to Internet Explorer

Re:

[stoborrobots]

Appears to apply only to Internet Explorer

And anything else which uses the MHTML component, which includes many, many applications, including anything which uses the "Windows Help" system...

Re:

[SadButTrue]

Ohhh!!!! There is a help system in windows? I did not know that.

Re:

[Drgnkght]

Don't get too excited. It isn't actually helpful.

Re:

[Korin43]

Ha! And they said I should stop using Windows 98!

Re:

[The MAZZTer]

Umm it's right in TFS.

from XP up through Windows 7 and Windows Server 2008

Re:

[PatPending]

Why should he have to read TFS when there are fools (like me; see my earlier reply and my sig) who post informative replies? ~

Re:

[1u3hr]

It doesn't mean that non-current versions are safe, just that they didn't bother to test them. So just assume it's every version. Or if you don't use IE, no version.

Re:

[WorBlux]

Anything that is still officially supported (XP service pack 2, and Windows 2000 aren't, anything newer is)

Re:

[jez9999]

So does this bug not happen on XP SP2, or do they just not give a shit about users who're using it?

Is it Windows or Internet Explorer?

[Luxemburg]

I would assume Firefox handles its MHTML itself?

a

Re:

[JSG]

Try using a search engine with the term MHTML and getting something like this: http://en.wikipedia.org/wiki/MHTML [wikipedia.org]

On FF you'll need a plugin to "see" MHTML, whatever it is. It seems to be an unholy mix of HTML and MIME and sounds unpleasant and probably a bit unnecessary.

Cheers
Jon

Re:

[Saint Stephen]

Nothing really works with .mht anymore, anyway. I used to use it to save web page receipts, etc. no more.

Re:

[cbiltcliffe]

Well, that does look like it's going to be a pretty wide open security hole..... :-/

Microsoft takes 2 weeks to confirm things

[Anonymous Coward]

http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt [80vul.com]

Incorrect Article Title (Headline)

[lloyddean]

Who writes these Headlines. It's not a NEW bug it's an (possibly) un-noticed OLD bug.

Re:

[JSG]

Well Mr six dig, RanDomCapS 'n' punctuationeer extraordinare - who can say?

Apparently someone called Timothy left their name on the article for all to see.

This: https://www.microsoft.com/technet/security/advisory/2501696.mspx [microsoft.com]

was posted 28 Jan 2011.

When did you notice the bug? - We'd all love to hear your insights on it.

Cheers
Jon

Re:

[seifried]

The bug was noticed about 2 weeks ago: http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt [80vul.com]

The Reason for Window Bugs

[NicknamesAreStupid]

It goes so fast that those little buggies just can't get out of the way. Besides, they are drawn to the light.

Yawn... Slow news day?

[mysidia]

The bug's not new... in multiple editions of Windows; that means it's been around for quite a while.

Newly discovered, yes, but in the average month there are over 20 serious newly discovered bugs in Windows. And there are millions more where that came from.

Re:

[PPNSteve]

The bug's not new... in multiple editions of Windows; that means it's been around for quite a while.

Newly discovered, yes, but in the average month there are over 20 serious newly discovered bugs in Windows. And there are millions more where that came from.

It's not a bug! It is a FEATURE!!
Get with the times, man.

Someone call teh ROFLCOPTER

[Crypto Gnome]

MSIE just shot itself in the foot.

MHTML is a microsoft-ism

If you do not use the worlds-most-villified-browser, and if you have also not explicitly installed a plugin (or otherwise) to enable MHTML support in our *much less sucky* browser, then you are golden.

Re:

[shutdown -p now]

Opera also supports MHTML.

monolithic system

[amn108]

Goddamned monolithic systems... Insecure components breaking entire installations, where the components themselves are not used more than once a year perhaps. Way to go, Microsoft, seems you're religious about all of it.

Why don't you link to the Microsoft adisory?

[Otis_INF]

Now you link to some blogpost/article on some random site, which only rehashes what Microsoft's own article at teched has to say as well..

Link to direct advisory:
https://www.microsoft.com/technet/security/advisory/2501696.mspx [microsoft.com]

Finally!

[StripedCow]

Now we can finally run native code in a mainstream browser?

Re:

[JSG]

You don't remember {MS|PC|IBM}DOS do you?

It should be possible to sue for time wasted trying to get 620Kb free memory available to run some shitty Lucas Arts game (or a crappy network stack n client).

Before the "I had a few problems with punch cards" mob dives in - no one ever said that a batch system based on paper doilies would be easy.

Cheers
Jon

Re:

[catmistake]

nice. LOL

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[LordLimecat]

Because its reliability is spotty at best, its a haven for viruses (super-duper-hidden System Volume Information ftw!), and you never know what it will and will not break.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[LordLimecat]

If you have a virus that is infecting system restore points, your antivirus isnt going to be detecting anything-- its already been subverted. If you dont understand this, then youve bought into the whole "AV will protect you from viruses, full stop" myth, and obviously havent had to deal with many infections (client or otherwise).

As for it not breaking things, it certainly is possible and Ive certainly seen it; whether that was recent is moot, as once I realized how much of a waste of time it was, I stoppe

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[LordLimecat]

That most of the malware today use social engineering and are Trojan based, which means the user has to launch it first to cause an infection

Youll need to cite a source for that, anecdotal evidence (the several hundred infections i deal with per year) shows that the vast vast vast majority of infections do not require such crude interaction; they rely on browser and plugin exploits to launch no-click infections.

As for AV the last tests I saw with Comodo were 98.4% and MSE something like 96.something%

No AV that I have seen has detection rates quite that high. Last comprehensive study I saw (about a year ago) showed the top contenders hovering around 81% detection on unknown binaries. MSSE is certainly quite decent, but AGAIN, if you

Re:

[Peach Rings]

I don't like it because it's not clear what exactly it does. If I want to remove some application I'd only use a clean uninstaller, not some generic tool that attempts to overwrite changes to certain unspecified locations.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[camperslo]

Since MHTML is a web archive format that is also used by MS Word, perhaps there's a possibility of issues there too.

Since the article/advisory don't really say what MHTML is (It's not Microsoft HTML!), here's the wikipedia description for those not motivated to look it up:

"MHTML, short for MIME HTML, is a web page archive format used to combine resources that are typically represented by external links (such as images, Flash animations, Java applets, audio files) together with HTML code into a single file.

Re:

[Hylandr]

Slashdot,

where art thou haters of Microsoft? Whence does a man calling out Microsoft get beaten like a straight man in a gay parade?

TO HELL with mod points, Microsoft bought Slashdot...

- Dan.

Re:

[by (1706743)]

Not a problem for my Vic 20 or my Linux powered Acer Aspire REVO Nettop.

Fullscreen flash, on the other hand, probably is ;)

Re:

[Osgeld]

I am sitting on my DEC 386 laptop thinking the same thing, then I thought, fuck this takes less time to scroll through comments on the /. site than it does on my uber modern web browser on a multicore 2.8GHZ computer

so what the fuck is my incentive anymore people?

Re:

[snookiex]

I hate those .mht files. I thought they weren't a standard, but turns out that that format is a kind of [wikipedia.org].

Re:

[VortexCortex]

This makes me glad I use Google Chrome. As well as the speed, of course.

Who doesn't use "the speed"; I agree, using it makes everything better -- Just don't get too addicted. However, Chrome is overrated, IMHO; Mirrors work just as well.