2 posts in 'Sysetms/MS Windows'

  1. 2008.10.29 NTFS alternate Data Streams (ADSes) (4)
  2. 2008.07.20 How to repair MS Windows Updates's trouble

NTFS alternate Data Streams (ADSes)

2008.10.29 15:52 | Posted by bar4mi
Recently I found a remote vulnerability which was caused by NTFS Alternate Data Streams. I'll record some information about ADSes for my memory. I will announce the vendor and the product after the patch is released.

NTFS ADSes are provided for compatibility with the Macintosh HFS (Hierarchical File System). They are also used for storing some information on MS Windows systems. For example, MS Word stores the property information of a document in one.

We can make a data stream in several ways. For example, I made one via the 'type' command. As you can see, the file size is zero despite some text being stored.

We can find this data stream using LADS (http://www.heysoft.de/Frames/f_sw_la_en.htm) or the dir command (if you are using MS Windows Vista, you can use the '/r' switch).

As a further usage, we can hide an executable file in myfile.txt.

And we can execute it. This is used to hide and execute a malicious file.
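
A defender-side check built on the 'dir /r' listing mentioned above, as an added example that is not part of the original post: it parses captured output and reports alternate streams, noting zero-byte host files and executable-looking stream names. The sample listing, its file names and the extension list are constructed assumptions; Zone.Identifier is skipped because Windows adds that stream to downloaded files.

```python
import re

# Constructed `dir /r` listing (en-US date format); not output from the post.
SAMPLE = r"""
 Directory of C:\test

10/29/2008  03:52 PM    <DIR>          .
10/29/2008  03:52 PM                 0 myfile.txt
                                    26 myfile.txt:hidden.txt:$DATA
                               114,688 myfile.txt:hidden.exe:$DATA
10/29/2008  03:40 PM             1,204 setup.zip
                                    26 setup.zip:Zone.Identifier:$DATA
               2 File(s)          1,204 bytes
"""

# File line: date/time columns, then size, then name.
FILE_RE = re.compile(r"^\d\S*\s+.*?\s([\d,.]+)\s(\S.*)$")
# Stream line: indented size, then host:stream:$DATA.
STREAM_RE = re.compile(r"^\s+([\d,.]+)\s+(.+):([^:]+):\$DATA\s*$")
# Assumed (not exhaustive) list of extensions worth a closer look.
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")
BENIGN = {"zone.identifier"}  # added by Windows to downloaded files


def to_int(text):
    """Parse a size column, dropping thousands separators."""
    return int(re.sub(r"[,.]", "", text))


def find_streams(listing):
    """Return (host, stream, size, reasons) for each non-benign stream."""
    host_sizes, findings = {}, []
    for line in listing.splitlines():
        stream = STREAM_RE.match(line)
        if stream:
            size, host, name = to_int(stream[1]), stream[2], stream[3]
            if name.lower() in BENIGN:
                continue
            reasons = []
            if size > 0 and host_sizes.get(host) == 0:
                reasons.append("host file is 0 bytes")
            if name.lower().endswith(EXEC_EXT):
                reasons.append("executable stream name")
            findings.append((host, name, size, reasons))
            continue
        entry = FILE_RE.match(line)
        if entry:
            host_sizes[entry[2].rstrip()] = to_int(entry[1])
    return findings


if __name__ == "__main__":
    for finding in find_streams(SAMPLE):
        print(finding)
```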

You can obtain additional information via the link below.

How to repair MS Windows Updates's trouble

Today I installed Windows Office 2007 on my MacBook.

When the installation finished, I couldn't update my Windows XP using the Automatic Updates system.
It just told me that it couldn't install some updates.

The solution to this problem was simple. I found it by searching.

According to MS support, this problem occurs when Windows system files have changed.

You can repair it in just three simple steps (they simply register Wups2.dll).
First, stop the Automatic Updates service from a command shell (Start > Run > type cmd).
net stop wuauserv

Second, register the Wups2.dll file.
regsvr32 %windir%\system32\wups2.dll

If you use Windows XP 64-bit Edition, change the 'system32' folder name to 'system64'.
regsvr32 %windir%\system64\wups2.dll

Last, start the Automatic Updates service that you stopped just before.
net start wuauserv

Now you can update your system to the latest safe state.
Ref. http://support.microsoft.com/kb/943144/en-us