[Microsoft] Vulnerability in Task Scheduler Could Allow Code Execution (841873)

Discussion in 'other security issues & news' started by NICK ADSL UK, Jul 21, 2004.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    Vulnerability in Task Scheduler Could Allow Code Execution (841873)

    Issued: July 13, 2004
    Updated: July 19, 2004
    Version: 1.1

    Revisions:
    V1.0 (July 13, 2004): Bulletin published
    V1.1 (July 19, 2004): Bulletin updated with an additional workaround
    Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.

    - Do not open or save .job files that you receive from untrusted sources.
      This vulnerability could be exploited when a user views a .job file. Do not open files that use this file name extension.
    - Disable the dynamic icon handler for JobObject files by clearing the default value in the following registry key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JobObject\shellex\IconHandler

    1. Click Start, click Run, type "regedt32" (without the quotation marks), and then click OK.

    2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JobObject\shellex\IconHandler

    3. In the right window pane, you see a value of Default with Data of {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}.

    4. Right click on Default and select Modify.

    5. Clear out the Value Data listed and click OK.

    Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

    Note: We recommend backing up the registry before you edit it.

    Impact of Workaround: Clearing the value of this key will prevent the possibility of attack by preventing the IconHandler from automatically parsing .job files. The files will no longer have an icon associated with them.

    http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx
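
The registry steps in the post above, written as a script so the workaround can be applied and checked without the Registry Editor UI. This is an added example, not part of the bulletin or the original post; the function names and the backup file location are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example: scripted form of the bulletin's IconHandler workaround.
# Function names and the backup path are assumptions, not from the bulletin.
$SubKey     = 'SOFTWARE\Classes\JobObject\shellex\IconHandler'    # key named in the bulletin (under HKLM)
$BackupFile = Join-Path $env:TEMP 'JobObject-IconHandler.bak.txt' # assumed location

function Get-JobIconHandler {
    # Returns the key's (Default) value, or $null if the key does not exist.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $false)
    if ($null -eq $key) { return $null }
    try { return $key.GetValue('') } finally { $key.Close() }
}

function Disable-JobIconHandler {
    $old = Get-JobIconHandler
    if ([string]::IsNullOrEmpty($old)) {
        return 'Already cleared (or key absent); no change made.'
    }
    # Record the previous value first so the change can be reverted later.
    Set-Content -LiteralPath $BackupFile -Value $old

    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
    try { $key.SetValue('', '', [Microsoft.Win32.RegistryValueKind]::String) }
    finally { $key.Close() }

    # Verify the write rather than assuming it succeeded.
    if (-not [string]::IsNullOrEmpty((Get-JobIconHandler))) {
        throw 'IconHandler default value is still set; workaround not applied.'
    }
    return "Cleared. Previous value '$old' saved to $BackupFile"
}

function Restore-JobIconHandler {
    # Puts back the value saved by Disable-JobIconHandler.
    $old = Get-Content -LiteralPath $BackupFile | Select-Object -First 1
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
    if ($null -eq $key) { throw 'IconHandler key not found; nothing to restore.' }
    try { $key.SetValue('', $old, [Microsoft.Win32.RegistryValueKind]::String) }
    finally { $key.Close() }
}

Disable-JobIconHandler
```

As the bulletin's impact note says, .job files lose their icon while the value is cleared; `Restore-JobIconHandler` reverts the change from the saved value.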
     