
Microsoft Patch Tuesday for July 2008

Created: 08 Jul 2008 19:57:35 GMT • Updated: 23 Jan 2014 18:40:44 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a relatively light month; the vendor is releasing four bulletins that cover a total of nine vulnerabilities.

All nine of the issues are rated “important” this month. Although none of the issues jumps out and says, “This is a severe or critical vulnerability,” a couple of the issues have the potential to become widespread. Two of the four SQL Server issues, while local in nature, could be exploited remotely if an attacker can exploit a latent SQL-injection issue in an application that uses the vulnerable server as a backend. Also, the DNS Server and Client issues could help attackers spoof legitimate sites, greatly enhancing their ability to phish sensitive information from unsuspecting victims.

Microsoft’s summary of the July releases can be found here:
www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

1. MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

CVE-2008-0085 (BID 30083) Microsoft SQL Server Memory Page Reuse Information Disclosure Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.1/10)

An information disclosure vulnerability affects SQL Server due to how it manages memory page reuse. An attacker with ‘database operator’ access can exploit this issue to gain access to potentially sensitive information. Information obtained may aid in further attacks.

Affects: SQL Server 7.0 SP4, SQL Server 2000 SP4, SQL Server 2000 Itanium-based Edition SP4, SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft Data Engine (MSDE) 1.0 SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, Microsoft SQL Server 2005 Express Edition SP1 and SP2, Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) SP2, and Windows Internal Database (WYukon) x64 Edition SP2

CVE-2008-0086 (BID 30082) Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.4/10)

A local privilege-escalation vulnerability affects SQL Server when converting SQL expressions from one data type to another. An attacker with authenticated access to the application could exploit this issue to execute arbitrary code with SYSTEM privileges. This issue may be remotely exploitable if an attacker can exploit latent SQL-injection vulnerabilities in web-based applications that use the vulnerable SQL server as a backend.

Affects: SQL Server 2000 SP4, SQL Server 2000 Itanium-based Edition SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and Microsoft SQL Server 2000 Desktop Engine (WMSDE)

CVE-2008-0107 (BID 30119) Microsoft SQL Server On-Disk Data Structures Remote Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.4/10)

A local privilege-escalation vulnerability affects SQL Server due to how it validates data structures on disk files. An authenticated attacker could exploit this issue to execute arbitrary code with SYSTEM privileges.

Affects: SQL Server 7.0 SP4, SQL Server 2000 SP4, SQL Server 2000 Itanium-based Edition SP4, SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft Data Engine (MSDE) 1.0 SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, Microsoft SQL Server 2005 Express Edition SP1 and SP2, Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) SP2, and Windows Internal Database (WYukon) x64 Edition SP2

CVE-2008-0106 (BID 30118) Microsoft SQL Server INSERT Statement Remote Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.4/10)

A local privilege-escalation vulnerability affects SQL Server when processing ‘insert’ statements. An authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM privileges. This issue may be remotely exploitable if an attacker can exploit latent SQL-injection vulnerabilities in web-based applications that use the vulnerable SQL server as a backend.

Affects: SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft SQL Server 2005 Express Edition SP1 and SP2, and Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2

2. MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

CVE-2008-1435 (BID 30109) Microsoft Windows Explorer 'saved-search' File Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating: 7.1/10)

A client-side remote code execution vulnerability affects Windows Explorer when handling specially malformed ‘saved-search’ files. An attacker must trick a victim into opening and saving a malicious ‘saved-search’ file with the vulnerable application to exploit this issue. A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.

Affects: Windows Vista and Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, and Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

3. MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

CVE-2008-2247 (BID 30130) Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability (MS Rating: Important / Symantec Urgency Rating: 7.1/10)

A cross-site scripting vulnerability affects Outlook Web Access for Exchange Server. The problem occurs due to a failure to properly validate email fields when opening mail from within a client’s OWA session. An attacker must trick a victim into opening a specially crafted email to exploit this issue. A successful attack will allow the attacker to execute arbitrary actions with the permissions of the victim’s OWA session.

Affects: Microsoft Exchange Server 2003 SP2

CVE-2008-2248 (BID 30078) Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability (MS Rating: Important / Symantec Urgency Rating: 7.1/10)

A cross-site scripting vulnerability affects Outlook Web Access for Exchange Server. The problem occurs due to a failure to properly validate HTML when rendering email within a client’s OWA session. An attacker must trick a victim into opening a specially crafted email to exploit this issue. A successful attack will allow the attacker to execute arbitrary actions with the permissions of the victim’s OWA session.

Affects: Microsoft Exchange Server 2007 and Microsoft Exchange Server 2007 SP1

4. MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230)

CVE-2008-1447 (BID 30131) Multiple Vendor DNS Implementation Insufficient Socket Entropy DNS Spoofing Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.1/10)

A vulnerability in multiple vendors’ implementations of the DNS protocol allows attackers to spoof DNS responses to poison the DNS cache. The problem occurs because of weak randomization in the Transaction ID (TXID) and UDP port used in DNS communications. A remote attacker can exploit this issue by sending specific queries to a vulnerable computer and then responding with false or misleading information.

Affects: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP1 and SP2 for Itanium-based Systems.
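
A defender-side check for the weakness described above, as an added example that is not part of the original post: it classifies the UDP source ports and TXIDs seen in a resolver's outbound queries and estimates how many bits an off-path spoofer would have to guess. The function names, the two thresholds and the sample queries are assumptions constructed for illustration.

```python
import math
import random

def classify(values, narrow_span=1024):
    """Label a series of 16-bit values: fixed, sequential, narrow or spread."""
    if len(set(values)) == 1:
        return "fixed"
    # Differences between consecutive values, modulo the 16-bit wrap.
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    top = max(set(deltas), key=deltas.count)
    if deltas.count(top) >= 0.8 * len(deltas):   # assumed threshold
        return "sequential"
    if max(values) - min(values) < narrow_span:  # assumed threshold
        return "narrow"
    return "spread"

def range_bits(values):
    """Rough upper bound on unpredictability: log2 of the observed range."""
    return math.log2(max(values) - min(values) + 1)

def assess(queries):
    """queries: (udp_source_port, txid) pairs from one resolver's outbound queries."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    result = {"port": classify(ports), "txid": classify(txids)}
    # Fixed or sequential fields are predictable and contribute no bits.
    fields = ((ports, result["port"]), (txids, result["txid"]))
    bits = sum((range_bits(v) for v, c in fields if c in ("narrow", "spread")), 0.0)
    result["bits"] = round(bits, 1)
    result["weak"] = result["port"] != "spread" or result["txid"] != "spread"
    return result

# Constructed samples, not captured traffic.
_rng = random.Random(2008)
FIXED_PORT = [(1900, _rng.randrange(65536)) for _ in range(64)]
SEQUENTIAL = [(1025 + i, 4000 + i) for i in range(64)]
RANDOMIZED = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(64)]

if __name__ == "__main__":
    for name, sample in (("fixed port", FIXED_PORT), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)):
        print(name, assess(sample))
```

A resolver that reports a fixed or sequential source port leaves only the 16-bit TXID to guess, which is the condition this bulletin addresses.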

CVE-2008-1454 (BID 30132) Microsoft Windows DNS Server Cache Poisoning Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.1/10)

A vulnerability in Windows DNS Server allows attackers to poison the DNS cache, potentially redirecting users to attacker-controlled sites. The problem occurs because under certain circumstances, a DNS server will accept a response from a nameserver for zones outside the server’s authority.

Affects: Microsoft Windows 2000 SP4, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP1 and SP2 for Itanium-based Systems, and Windows Server 2008 for 32-bit Systems and x64-based Systems.
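
The acceptance rule at issue above, sketched as an added example that is not part of the original post or of Microsoft's fix: a resolver keeps only the records in a response whose owner name lies inside the zone the answering nameserver was asked about (an in-bailiwick check). The function names, zone, hostnames and addresses are constructed for illustration.

```python
def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(owner, zone):
    """True when owner is the zone itself or a name below it.

    Comparison is per label, so 'notexample.com' is not inside 'example.com'.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone, records):
    """Split (owner, type, data) records into accepted and rejected lists."""
    accepted, rejected = [], []
    for record in records:
        (accepted if in_bailiwick(record[0], zone) else rejected).append(record)
    return accepted, rejected

# Constructed response from a nameserver queried for names under example.com.
SAMPLE_ZONE = "example.com"
SAMPLE_RECORDS = [
    ("WWW.Example.COM.", "A", "192.0.2.10"),
    ("example.com.", "NS", "ns1.example.com."),
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("www.example.net.", "A", "203.0.113.66"),   # different zone
    ("notexample.com.", "A", "203.0.113.67"),    # suffix lookalike
]

if __name__ == "__main__":
    kept, dropped = filter_response(SAMPLE_ZONE, SAMPLE_RECORDS)
    for record in dropped:
        print("rejected out-of-zone record:", record)
```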

More information on this and other vulnerabilities is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Message Edited by SR Blog Moderator on 07-09-2008 10:23 AM