Feeds

Windows HyperTerminal surrenders your box

Unchecked buffer week

  • alert
  • submit to reddit

The smart choice: opportunity from uncertainty

Microsoft issued its third security bulletin for the week on Friday, this time reporting an unchecked buffer susceptible to an overrun attack in the ubiquitous HyperTerminal Telnet/serial client which cheerfully sets itself up as the default during Windows installation.

A maliciously-crafted Telnet URL can be used to trigger a buffer overrun, which in turn would enable an attacker to run arbitrary code on a machine with the victim's level of permission. A malicious HTML page exploiting the hole could easily be circulated via e-mail.

Another issue resides in code that processes session files, which enable HyperTerminal users to specify parameters such as the connection method and the destination host, Microsoft says.

Thus if a user opened a maliciously-crafted session file, it too would trigger the buffer overrun.

Because the flaw is specific to the utility, not the OS, an exploit can easily be developed to attack all Win machines running HyperTerminal without individual modifications for the several flavors of Windows in circulation.

Windows 98, 98SE, ME, NT, and 2K are all vulnerable, though in the case of 2K, HyperTerminal is not automatically installed as the default client.

Since Win95 is no longer supported, we're uncertain whether its edition of HT is affected, but chances are it's vulnerable too. There's no 95 patch, and there won't be. Didn't you know you were supposed to buy a 98 upgrade ages ago?

It's been a rough week for Redmond security. On Tuesday we learned of a Word macro vulnerability; on Thursday a Windows Media Player vulnerability; and Friday the HyperTerminal matter, all of which are exploitable in highly destructive ways.

Friday's hole is related to but not the same as a vulnerability reported back in October, so HyperTerminal users need to install fresh patches. The one issued previously is not adequate protection.

HyperTerminal is made by software outfit Hilgraeve. ®

Related Links

Win98, 98SE patch
WinME patch
Win2K patch

Securing Web Applications Made Simple and Scalable

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.