I’ve spent much of my time the last few years looking at Windows support from the Linux side of the fence. Certainly Linux boot disks and the like are among the most useful utilities that I’ve used. However, I am reminded from time to time that there is a good share of freely available utilities on the Windows side of things. http://www.mdgx.com/ is a site devoted to not just the free Windows and DOS utilities and add-ons… but to quote the site…
Tag: SE
-
Lack of working exploit does not mean Windows 98 is safe
I want to try to clarify a point. I’ve spent a couple of days trying to get current exploits to work on a Windows 98 SE virtual machine. Not to prove that Windows 98 is safe, but to determine if current exploits affect Windows 98. Yesterday evening there were apocalyptic headlines saying that a virus threatens every Windows OS shipped since 1990, which is overhyped. The current vulnerability exists in every Windows operating system shipped since 1990. The current exploit for that vulnerability doesn’t seem to work on Windows 98 (you have to go a long way to find a configuration that the current exploit works with… I haven’t yet). This does not mean that Windows 98 is invulnerable. It simply means that this specific attack does not easily work. Tomorrow may be different; now that the problem is known, it may be just a matter of time before someone determines WHY Windows 98 is not as affected and “corrects” the problem.
-
WMF exploit testing on Windows 98
I had hoped to get in another test of Windows 98 with yet another WMF viewer (tried Kodak Imaging and IrfanView). So far I haven’t seen a way that the WMF exploits can work on Windows 98 SE. I’m running out of time before I have to run to some computer service appointments and maybe will be able to pick up again this afternoon/evening. Larry Seltzer had a post this morning that earlier versions of Windows might not be as vulnerable because they had no default WMF viewer, but with a default WMF viewer they may be susceptible. I’m still looking for a WMF viewer that makes the exploit possible on Windows 98 SE.
-
Windows 98 and the WMF exploit
I’ve seen breathless headlines that say “Windows PCs face ‘huge’ virus threat; Affects every MICROSOFT OS shipped since 1990…” and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that’s currently being exploited exists as far back as Windows 3.0, but as far as I can tell there is not an active, current exploit that is taking advantage of this flaw in earlier versions of Windows. Currently the exploit only seems to affect Windows 2000, XP, and Vista.
-
More testing on the second WMF exploit
After my Windows 98 tests, which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had set up and updated Metasploit so I could test my Windows 98 SE install against the latest version of the exploit, and with each connection to the locally hosted page I got a new random file. After I collected five of these I ran them through virustotal.com to see how well detection has come in just 24 hours.
-
Version 2 of the WMF exploit vs Windows 98 SE
Ok, I wasn’t quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that’s now up to 4 or 5 days or so… Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for Windows 98 users. I was mostly curious to see if current exploits could wreck a Windows 98 system. The answer at this point is not that I can see.
-
More WMF exploit testing on Windows 98
I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried each of the files there. I don’t have a zip handler in my Windows 98 SE image so that didn’t get tested, but I’m getting nowhere here. The gif opens with Explorer and gives a red x to indicate a broken image, the text file opens as a binary file viewed in a text editor, the htm file does the same only in Explorer (I see what I’d usually see if I tried to open a binary file in a web browser…). The avi opens with Media Player and complains about it being an incompatible format.
-
WMF exploit and Windows 98
Most of the talk on the WMF zero-day has centered on Windows XP, 2000 and 2003. The unofficial patch is available for those three platforms. Microsoft’s (eventual) patch will likely be for those as well. Incidents.org had a comment in one of their posts that this would be a “watershed moment” for Windows 98/ME and that those users should upgrade immediately as there is little/no hope for a patch.