Summary: Windows shows that it not only brings security problems to Apache but also to battery chargers
THE thing about Windows is, the underlying operating system is less secure than UNIX and Linux. Here is nice new proof of this, straight from the news. Our reader renamed it (the headline) “Windows bug prompts Apache update advice”
“The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows,” Edelstein told ZDNet.com.au. “An attacker could gain access to, modify and take away data.”
Edelstein advised users running Apache on Windows platforms to upgrade immediately as users have no way of knowing if their web servers have been compromised. The company’s security advisory can be accessed here.
“A proof of concept remote exploit has been written by Sense of Security, and it is feasible that others could write a similar exploit to completely compromise a Windows system,” said Brett Gervasoni.
As most Apache users run it on UNIX and Linux, the above is probably nothing to panic or worry about.
Charged With Malware
“Microsoft, the company that made battery chargers dangerous,” called it the reader who sent this next item from the news:
The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.
In an advisory, the US-CERT warned that he installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory.
When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
“The danger of Open Source software is that you don’t know if it contains malware,” jokingly said our reader. █