Hello, and welcome to this month’s blog on the Microsoft patchreleases. September is a light month, with only 4 releases, eachresolving one issue.
Which is the most critical of these vulnerabilities? Well, itdepends on who you ask. Microsoft lists the issue in the Agent ActiveXcontrol as the only ‘Critical’ update this month, however ourcalculations have resulted in a higher urgency rating for the MSN /Live Messenger issue. Both vulnerabilities grant a remote attacker theability to run arbitrary code on the target machine if the target userperforms a specific action (clicks on a link or accepts an incomingmessage). Microsoft may have rated the ActiveX issue higher because anon-vulnerable upgrade to Messenger has been available for some time.However, we rate the issue in MSN Messenger/Live Messenger higher, dueto the availability of public proof-of-concept code known to work on atleast one platform. From the perspective of an affected user, theknowledge that they could have...
This month's Microsoft patch releaseincludes six bulletins, addressing 12 vulnerabilities in common clientand server software, including four in a popular developmentenvironment. Topping the heap in terms of urgency is a remotelyexploitable, server side code execution vulnerability in IIS, andthat's where we'll start:
MS07-041;KB939373Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution
This bulletin addresses a previously known issue in IIS 5.1 onWindows XP that was reported in late 2005 as a denial-of-serviceproblem. It is now known to be exploitable to run attacker code. IIS isnot running or installed by default on Windows XP.
Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability BID...
Hello again... this month's update contains 6 advisories with atotal of 15 patched vulnerabilities. Major apps for this month wereonce again IE and Outlook/Windows Mail, coming in with 6 and 4 patchedvulnerabilities respectively. This month we also see updates forfile-based attack vectors against Visio, remotely exploitablevulnerabilities in both a dev library and a security package patched,and a fairly low profile information disclosure vulnerability in Vistadealt with. As usual details are given below in order of descending urgency. Happypatching, and we'll be back for another round next month...
MS07-034; KB929123 Cumulative Security Update for Outlook Express and Windows Mail
This release addresses four issues in Windows Mail (vista) andOutlook Express 6 (all others). It also...
May proves to be a busy month for Windowsadministrators as we received information on no less than 21vulnerabilities being addressed in this month's 7 patches. If youhappen to be responsible for any DNS servers running on Server 2000,2003 Server or SBS, you will most likely want to skip to the last oneand work your way up. For the rest of us, we'll start with the IEissues and continue from there:
MS07-027; 931768 Cumulative Security Update for Internet Explorer This is the seemingly monthly cumulative patch for IE issues. Sixdistinct issues are addressed in IE this month, as well as two issuesin third-party ActiveX controls. Note that these two are only mentionedas footnotes in the advisory and therefore do not have their ownUrgency Ratings from Microsoft. Unless otherwise...
Anybody remember when RTF files were just innocent little things?They were like the big brother of the .txt file, or .txt v2, if youwill. Just characters on a screen, but some of them might be differentfonts or colors or sizes – maybe the occasional clipart. Who would haveguessed they are apparently the most hostile files on the Internet thismonth? "When RTFs Go Bad!…" Okay, perhaps I’m exaggerating, but thismonth Microsoft is patching no less than three vulnerabilities, inseparate applications, that can be exploited via malicious RTF filesthat contain OLE objects.
Several of this month’s patches address issues that have beenexploited already in limited-distribution, targeted attacks. Thecombination of target-specific social engineering and privately heldvulnerability information is becoming more and more widely adopted byattackers with political and industrial motivations. While the "newbreed" of cybercriminals wants to cast as wide a net as possible, wecannot forget that...
Welcome to 2007! Before we get started, I'd like to wish you all a happy, healthy, and safe year from the DeepSight research teams here at Symantec. May all your plans come to fruition, and may all your patches apply smoothly... This month's patch release by Microsoft is a little lighter than previous releases, and lighter even than initially projected by Microsoft themselves. On January 4th, as per their usual policy, they publicly released high-level details of the planned release. The initial advance notification mentioned eight patches. However, the notification was later modified to list only four releases. Included among the delayed releases are fixes for various Word issues. The updates for January that did make the cut cover 10 distinct vulnerabilities, which were primarily file-based, client-side issues in the Office suite.
All aboard! Welcome to another ride on themonthly Microsoft patch train. We’ve got quite a few stops this monthand most are client-side vulnerabilities, meaning that an end user hasto take specific actions (typically by obtaining and then openinghostile content). Unless otherwise stated, the privilege granted to theattacker for all of the below vulnerabilities is the privilege level ofthe victim user. Most were publicly disclosed for the first time today,but the exceptions are noted. They are listed below in the order ofmost to least critical for the fabled “typical” network.
Vulnerability in SNMP Could Allow Remote Code ExecutionMS06-074 / KB926247
This vulnerability seems almost old-fashioned in the modern securitylandscape – a common buffer overflow in a service....
All aboard! Welcome to another ride on the monthly Microsoft patch train. We’ve got quite a few stops this month and most are client-side vulnerabilities, meaning that an end user has to take specific actions (typically by obtaining and then opening hostile content). Unless otherwise stated, the privilege granted to the attacker for all of the below vulnerabilities is the privilege level of the victim user. Most were publicly disclosed for the first time today, but the exceptions are noted. They are listed below in the order of most to least critical for the fabled “typical” network.
Vulnerability in SNMP Could Allow Remote Code ExecutionMS06-074 / KB926247
This vulnerability seems almost old-fashioned in the modern security landscape – a common buffer overflow in a...
Microsoft released six security bulletins this morning, covering atotal of 11 distinct security vulnerabilities. In rough order of mosturgent to least, here we go:
Topping the list in raw urgency is MS06-066 (BID 21023 and BID 20984,CVE-2006-4688 and CVE-2006-4689). This affects everything from Win2KSP0 to XP SP2, provided that the systems have the Client Service forNetware enabled. This obviously reduces the population of vulnerablesystems, but for those systems this is where you want to start. Thisaddresses two vulnerabilities, the more severe of which is theMicrosoft Windows Client Service For Netware Remote Code ExecutionVulnerability. If your computers match that description, you are wideopen to remote attackers, who have the opportunity to run code of theirchoice on your machines – until you apply the patch, of course. Thevulnerable...
Microsoft released six security bulletins this morning, covering a total of 11 distinct security vulnerabilities. In rough order of most urgent to least, here we go:
Topping the list in raw urgency is MS06-066 (BID 21023 and BID 20984, CVE-2006-4688 and CVE-2006-4689). This affects everything from Win2K SP0 to XP SP2, provided that the systems have the Client Service for Netware enabled. This obviously reduces the population of vulnerable systems, but for those systems this is where you want to start. This addresses two vulnerabilities, the more severe of which is the Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability. If your computers match that description, you are wide open to remote attackers, who have the opportunity to run code of their choice on your machines – until you apply the patch, of course. The...
This month is a busy one, with 10 updates in total, fixing 27 distinct vulnerabilities. Of the 10 updates, seven of them are listed as “Critical” by Microsoft. Interestingly, all seven of them are intended to patch various client-side vulnerabilities—four of them in the Office suite.
Critical bugs:
The patched Office vulnerabilities are all file-format vulnerabilities that will allow an attacker to run the code of their choice on the victim machine, provided a user on that machine opens the malicious file.
There are patches for Powerpoint (MS06-058: BIDs 20322, 20304, 20325, 20226), Excel (MS06-059: BIDs...
Well, once again we find ourselves faced with the monthly ritual known as "Microsoft Patch Day”. This time around the ordeal is relatively minor, with only three new items in the bucket. Two of these items could potentially result in attacker-supplied code being run on a target system, but both are reliant on other limiting factors, which greatly reduce the global stress level associated with Patch Tuesday. All items, of course, are still worthy of close inspection by any admin to see if they apply to the machines and networks that they are responsible for.
The first issue we’ll address in this blog is the PGM overflow vulnerability (MS06-052, CVE-2006-3442, BID 19922). This is the most severe of the issues presented this month because it allows an attacker to execute arbitrary code remotely on the affected system. So then, what’s the good news? Well, the affected code is in MSMQ3.0...
Many years ago, almost all vulnerabilitieswere a “zero-day” style in some respect. Vendors did not, for the mostpart, talk about security defects in their products and in fact,several chose not to address them at all. Information about ways tobreak into systems remained primarily in the hands of the attackers.Things began to change in the mid-90s, when the discussion of securitybugs became more widespread. Vendors started to participate moreactively in the dissemination of protective information with the goalof enabling their customers to defend their digital assets. Variouscommunities sprouted up to facilitate this discussion, vendors set upsecurity-alert mailing lists and Web sites, and the general awarenesslevel of computer security was raised substantially. During this timethere were, of course, those who still chose to keep vulnerabilityinformation to themselves for their own purposes, but the overalldiscussion of these issues was open and frank. Flaws were...
