1USA recommends that all 1USA Subscribers (with PCs, not Macintoshes) visit http://WindowsUpdate.Microsoft.Com
every 3 months to download any "critical updates".
1USA also recommends that you make periodic backups of your files. (not necessarily the programs, just your files)
Here's a good reason why:
Another Security Flaw: README.TXT can harbor executable programs!
4/01: A new Windows vulnerability has recently been exposed that allows nasty programs or web pages to do
whatever they like, such as mess with the system registry, delete files, give access to hackers, or even wipe out your
hard drive.
The bug was originally demonstrated by security analyst Georgi Guninski ( http://www.guninski.com/clsidext.html )
and later validated by Bug Net engineers. The bug originates in Microsoft's Component Object Model (COM), which
is built into all Windows versions since Windows 95.
COM objects rely on a CLSID to uniquely identify the object and to tell the operating system how to execute it.
Using the CLSID, dangerous executables and scripts can be disguised as innocent .TXT files.
Double-clicking such a purposely renamed file executes it, not as a text file, but in whatever way the original
program was written. Ouch!
Tests were performed on several exploits to ascertain the seriousness of this vulnerability.
"We were able to create an Excel spreadsheet with a built-in startup macro that erases files off of the hard
disk," said Eric Bowden, general manager of Bug Net, a bug testing facility. "We created a registry merge
file that granted us admin rights on a Windows 2000 domain server. We even selectively destroyed the Windows registry.
Despite the menacing nature of these files, they could hide innocently behind a harmless file name like README.TXT.
A test program has been posted which demos the vulnerability."
I went and tried this, and it's true. Until Microsoft creates a patch, the only protection is for the user to vigilantly
check file icons to see if they match the FileType.
When browsing network files, *look at the file icon* to make sure that it matches the file type.
****Beware of any e-mail attachments that reveal the CLSID filename.
Don't double-click it until you double-check it. ****
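As an added example that is not part of 1USA's notice or Guninski's test program, here is a small Python check an IT manager could run over a folder or a list of attachment names to do the "double-check" automatically: it finds names that end in a CLSID extension, which Windows Explorer hides, and reports the name the user would see next to the real one. The GUID in the sample list is made up for this example and is not a real COM class.

```python
import os
import re

# A CLSID extension is a trailing ".{GUID}" (8-4-4-4-12 hex digits in braces).
# Explorer hides this suffix, so "README.TXT.{...}" is shown as "README.TXT".
CLSID_EXT = re.compile(
    r"\.\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)

def displayed_name(name):
    """Name as Explorer would show it: the CLSID suffix stripped, if present."""
    return CLSID_EXT.sub("", name)

def check_name(name):
    """Return a finding for a disguised name, or None if the name is clean."""
    shown = displayed_name(name)
    if shown == name:
        return None  # no CLSID suffix, nothing is hidden
    apparent_ext = os.path.splitext(shown)[1].lower() or "(none)"
    clsid = name[len(shown) + 1:]  # the "{...}" part after the dot
    return {
        "actual": name,
        "shown_as": shown,
        "apparent_type": apparent_ext,
        "clsid": clsid,
    }

def scan_names(names):
    """Check a list of file names (e.g. attachment names) and return all findings."""
    return [f for f in (check_name(n) for n in names) if f]

def scan_directory(path):
    """Same check over the real entries of a folder on disk."""
    return scan_names(os.listdir(path))

# Constructed sample list; the GUID below is invented, not a real COM class.
SAMPLE_ATTACHMENTS = [
    "README.TXT",
    "README.TXT.{00000000-1111-2222-3333-444444444444}",
    "notes.{not-a-guid}",
    "report.xls",
]

if __name__ == "__main__":
    for finding in scan_names(SAMPLE_ATTACHMENTS):
        print("WARNING: %(actual)s would be shown as %(shown_as)s "
              "(looks like %(apparent_type)s, really CLSID %(clsid)s)" % finding)
```

Run it against a shared folder with `scan_directory(path)`; a name that is reported should be treated as a program, whatever icon or extension it appears to have.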
IT Managers: You now have to teach everyone who sits in front of a computer what a FileType is and what its associated
icon looks like.
Microsoft has not released a Fix yet that I know of.
1USA's virus-protected email servers can protect you effectively from catching viruses, but it would be hard to
isolate COM objects, since these COM objects are legitimate programs. More info later on http://www.1usa.com/security/
as it's received.
BarryZ
1USA