Iphone Pc Suite Vista

Sep 01
2006


Two vulnerabilities in ActiveSync, Microsoft's program for synchronization between PCs and mobile devices

Date:

June 1, 2008

Name of risk:

ActiveSync.

Manufacturer (if applicable):

Microsoft Corp.

Description:

ActiveSync is a synchronization program developed by Microsoft. It allows a mobile device to synchronize with a desktop PC or with a server running FirstClass Collaboration Suite, Microsoft Exchange Server, PostPath Email and Collaboration Server, Kerio MailServer, Zimbra or Z-push. Only personal information manager (PIM) data (e-mail / calendar / contacts) can be synchronized with Exchange Server. (Tasks can also be synchronized with Exchange Server on Windows Mobile 5.0.) The PC synchronization option, however, allows PIM data to be synchronized with Microsoft Outlook, along with Internet "favorites", files and tasks, among other data types. Supported mobile devices include PDAs and smartphones running the Windows Mobile or Windows CE operating system, along with devices that do not use a Microsoft operating system, such as the Symbian platform and the iPhone. ActiveSync also allows manual transfer of files to a mobile device, as well as limited backup / restore functionality and the ability to install and uninstall mobile applications.

At a special event to launch the iPhone SDK on March 6, 2008, Apple announced the use of ActiveSync technology to enable synchronization between the iPhone and Microsoft Exchange Server.

Alternative software that lets mobile devices running Microsoft software synchronize PIM data with a PC is also available, such as FinchSync, BirdieSync for Thunderbird, or Intellisync.

In Windows Vista, the latest version of the Windows operating system, ActiveSync has been replaced by Windows Mobile Device Center.

The software can be downloaded free from Microsoft's ActiveSync Web site. Support is usually provided by the manufacturer of the device, and the cost of this support depends on the manufacturer's policy.

Vulnerabilities

Two vulnerabilities have been identified in Microsoft ActiveSync (version 3.7.1 and earlier), which could be exploited by remote attackers to reveal sensitive information or cause a denial of service.

The first issue is due to a design error when sending authentication responses, which could be exploited by attackers to enumerate valid equipment IDs by sending specially crafted requests to port 5679 and checking the responses.

The second vulnerability occurs when numerous initialization attempts are made against ActiveSync (port 5679/TCP), which could be exploited by remote attackers to cause a denial of service.
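Both issues above involve repeated traffic to TCP port 5679, so one defensive check is to flag sources that open many connections to that port within a short window. The following is an added example, not part of the original advisory; the log format, window and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ACTIVESYNC_PORT = 5679          # port named in the advisory
WINDOW = timedelta(seconds=10)  # assumed sliding window
THRESHOLD = 5                   # assumed max connections per source per window

# Constructed sample log (assumed format, time-ordered):
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> SYN"
SAMPLE_LOG = "\n".join(
    [f"2008-06-01T10:00:{s:02d} 192.0.2.10 -> 198.51.100.5:5679 SYN" for s in range(0, 16, 2)]
    + [f"2008-06-01T10:{m:02d}:30 192.0.2.20 -> 198.51.100.5:5679 SYN" for m in range(1, 4)]
    + [f"2008-06-01T10:05:{s:02d} 192.0.2.30 -> 198.51.100.5:443 SYN" for s in range(8)]
    + ["truncated entry"]
)

def parse_line(line):
    """Return (timestamp, src_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        port = int(parts[3].rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None
    return ts, parts[1], port

def find_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Map each source IP that exceeds the threshold on the ActiveSync
    port to its peak connection count inside any single window."""
    recent = defaultdict(deque)   # per-source timestamps still in the window
    peaks = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[2] != ACTIVESYNC_PORT:
            continue              # skip malformed lines and other ports
        ts, src, _ = parsed
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    for src, count in find_bursts(SAMPLE_LOG).items():
        print(f"{src}: {count} connections to port {ACTIVESYNC_PORT} within {WINDOW}")
```

In the constructed log, only 192.0.2.10 is reported; the slow client on port 5679 and the burst on port 443 are ignored.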

ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a key) to send the user's PIN / password over the USB connection between the host and the device, which could make it easier for attackers to decrypt a PIN / password obtained by sniffing or spoofing the docking process.

Systems Affected:

Microsoft Windows.

Risk Level:

Less critical (2).

Threat Type:

Denial of service attacks, sniffing.

Link:

http://en.wikipedia.org/wiki/ActiveSync

About the Author

www.promisec.com
