| Author |
Topic: Norton Security question |
Larry Robbins
From:
Fort Edward, New York
|
Posted 15 Dec 2005 1:44 pm |
|
Over the last couple of days I keep getting a notice window from my Norton Security that says: a computor is trying to gain acess to MY computer using the:
MS PnP QueryResConflist BO attack
any idea what the heck it is? also is it a serious threat?
Thanks |
|
|
|
Tom Diemer
From:
Defiance, Ohio USA
|
Posted 15 Dec 2005 2:20 pm
|
|
Larry, here is some info on that.
Excerpt:
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects attempts to exploit a buffer overflow vulnerability in the Windows Plug and Play.
Additional Information
Microsoft Windows Plug and Play (PnP) service is used by the operating
system to detect new hardware.
The PnP service is prone to a buffer overflow vulnerability. This
vulnerability presents itself because the application does not perform
boundary checks prior to copying user-supplied data into sensitive
process buffers.
Specifically, this issue takes place when the PnP service handles
malformed messages containing excessive data. These messages are passed
to a finite sized buffer, triggering an overflow condition and
facilitating memory corruption. A successful attack may result in
arbitrary code execution, which can allow an attacker to gain SYSTEM
privileges.
This vulnerability facilitates local privilege escalation and
unauthorized remote access depending on the underlying operating system.
A remote unauthenticated attacker can exploit this issue on Windows 2000.
It is conjectured that on Windows 2000, an attacker would likely exploit
this issue using NULL session enumeration to gain access. On Windows XP
SP1 a remote attacker must authenticate over RPC to exploit this issue.
Windows XP SP2 and Windows Server 2003 require an attacker to have local
access to an affected computer for successful exploitation.
http://www.symantec.com/avcenter/attack_sigs/s21260.html
|
|
|
|
Larry Robbins
From:
Fort Edward, New York
|
Posted 15 Dec 2005 2:40 pm
|
|
Thanks Tom,
I used the link you put up and installed the patch for XP. Should I be "resonably"
safe from it now? Thanks again,
Larry |
|
|
|
Tom Diemer
From:
Defiance, Ohio USA
|
Posted 15 Dec 2005 3:16 pm
|
|
Larry, yes, that should patch the weakness in the PnP system.
Microsoft has a bullseye on their butt - anything that can be expoited will be by some hacker or virus writer. They are quick at getting patches ready though. You should be fine now.
It's a really good idea to keep up to date on the Windows updates. Usually you'll get things fixed before a problem happens.
|
|
|
|
Larry Robbins
From:
Fort Edward, New York
|
Posted 15 Dec 2005 4:02 pm
|
|
Thanks again,
I normally get automatic updates but, recently did the ol system restore and neglected to go back and reinstall any updates that I might have lost! ....
a leson learned!  |
|
|
|
