11 September, 2009

Abandoning 2000/XP security updates?

Oh well, it was fun while it lasted...

Seems M$ is dropping security patching for Windows XP, according to this security bulletin regarding a rather serious flaw in the Windows TCP/IP-stack, which enables a black-hat (or any person with technical expertise and malicious intent, really) to easily take control of any Win 2000/XP-computer running a listening service (webserver, SMB file-sharing, FTP, etc.). Microsoft on the other hand, chuffs the flaw, saying the vulnerability only affects a minor percentage of their business-oriented Windows 2000 user-base.

The only thing that concerns me (and a lot of IT critics online) about that statement, is that Windows XP is based on Win 2000. I wouldn't say the Windows XP user-base is a minor percentage, especially when statistics show that around 70% of web-users are on that platform. If this is a ploy from Microsoft to force people to switch to Win 7, it's a bad tactical move. Not only because of the security implications involved, but also Microsoft's decline on the customer-relationship front, as well as business-relations.

Will "The Silicon Valley Giant" ever learn from it's mistakes? Apparently, NO...

Ok, so the flaw isn't high-risk, but it CAN be without proper configuration! My point being that revoking security updates from a product currently in sale is a bad move.

Ultimately, if an attacker gets through with specially crafted TCP-packets (TCP injection/prediction techniques), he can generate a DoS-condition, which halts the affected machine. But as the system can regain control again as soon as the attack-wave dissipates, Microsoft does not regard it as particularly high-risk.

All-in-all there are too many variables in the case-studies to make any good judgement on how risky this hole actually is, but it allows for DoS attacks, and therefore also the possibility of takeover.

Update, thursday september 17th:

To be fair, this flaw only affects advanced users with mal-configured listening-services, but that's not to say, once one IS taken over by a malicious black-hat, it can't be used for destruction and malcontent. If the machine resides in a network with other 2000/XP-machines, it's suddenly (probably) in the trusted IP-range, and therefore poses a risk as a penetration-tool to spread malware internally. There's a lot of vectors to exploit in this scenario, unfortunately... Let's just hope this flaw gets resolved before major abuse occurs.


0 kommentarer :

Post a Comment