Posted 11/14/07 at 01:19:10 PM | by Mark Soper
In October, we warned you about a dangerous vulnerability on systems running Windows XP, Internet Explorer 7, and Adobe Acrobat or Reader. The URI protocol handler, which runs email, IM or other applications when you click on a web link, could be used to attack your system. According to Symantec, the problem isn't just with Adobe Acrobat or Reader either: some versions of Mozilla Firefox, Skype, as well as Netscape 7.1, mIRC, and the Miranda 0.7 IM client can also be used to attack systems running Windows XP or Windows Server 2003 via URIs. Since URIs show up in email, web pages, PDF files, IMs and lots of other places, your PC is a "target-rich environment," to say the least.
A URI that calls a program in Windows actually asks the Windows Shell32 program to do its bidding. Shell32 uses the ShellExecute function to start the other program. The trouble is that Shell32's a trusting sort, not asking any questions about what the URI is up to. As a result, a bad URI can do anything it wants.
Adobe fixed the problem for Acrobat and Reader 8.x users right away, but, as Symantec's list of other affected applications suggests, the real place to stop the problem is at the operating system level. And, with the release of security bulletin MS07-061, Microsoft is on the job. Tuesday, Microsoft rolled out the URI vulnerability fix for Windows XP and Windows Server 2003 as part of "Patch Tuesday," so it will be showing up in your system's Windows Update offerings shortly. But why wait? You can grab the update for Windows XP right now (Windows Vista users aren't affected). It's a 3MB download, so it won't take long to download and install it. Microsoft identifies this vulnerability as "critical" - and given the omnipresence of URIs, that's putting it mildly.
Changing how Shell32 works is not trivial - it's one of the most important components in Windows. Unfortunately, it's possible that the security changes in this new update might cause some programs to no longer work properly. If that happens, you will need to whip out Regedit and make changes to the Registry that will exempt that program from the security update. For details, see Microsoft Knowledge Base article 943460.
-------------------------------------------------------------
Mark Soper and tech legend Leo Laporte have teamed up to solve Windows XP woes with Leo Laporte's PC Help Desk. Grab a copy for yourself or give PC peace of mind to friends and family. It's available at Amazon.com and other fine bookstores.
Comments
Print
Email
© 2008 Future US, Inc. All Rights Reserved.
Links:
[1] http://www.maximumpc.com/user/marcus_soperus
[2] http://www.maximumpc.com/article/didnt_ask_for_that_pdf_file_watch_out
[3] http://www.symantec.com/en/aa/enterprise/security_response/vulnerability.jsp?bid=25945
[4] http://www.maximumpc.com/article/got_adobe_acrobat_or_reader_8_1_the_fix_is_in
[5] http://support.microsoft.com/?kbid=943460
[6] http://www.microsoft.com/downloads/details.aspx?FamilyId=8ba1c2f9-1bde-4e97-b327-21259c5e5104&displaylang=en
[7] http://www.informit.com/store/product.aspx?isbn=0789733943
[8] http://www.amazon.com/Laportes-Help-Desk-Laporte-Press/dp/0789733943/
[9] http://www.maximumpc.com/article/mailto_and_other_uri_threats_may_target_everyone