Symantec's Voice of Reason Response to Microsoft's June Security Bulletin

Oslo, 12. juli 2006 - Microsoft issued information on seven security bulletins.  One update addresses several issues in Microsoft Excel, including two publicly known zero-day vulnerabilities.  The following summary provides Symantec’s evaluation of the most critical issues.

Mailslot Heap Overflow

Symantec Security Response rates the vulnerability in Mailslot, Microsoft’s unidirectional data transfer facility, to be the most critical of the security bulletins.  This vulnerability allows an attacker to execute code remotely by sending anonymous, malformed communication over TCP port 445.  Successful exploitation attempts could completely compromise a system.  Users of Windows 2000, Windows XP and Windows Server 2003 could be affected.

Buffer Overrun in Dynamic Host Configuration Protocol (DHCP)

Also of serious concern is a remote code execution in the Windows DHCP client service.  This remote code execution vulnerability is related to a buffer overflow that occurs when an organization processes malicious DHCP client requests from an attacker, on the local subnet.  DHCP is a communication protocol that allows administrators to centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network; therefore one compromised system could affect other systems connected to it on the same physical network.  Users of Windows 2000, Windows XP and Windows Server 2003 may be affected.

“Remotely exploitable vulnerabilities can pose a serious threat to organizations because they do not require user interaction and can be attacked from across the Internet,” said, Dave Cole, director, Symantec Security Response.  “With the likelihood of multiple Windows servers sitting on the same network, Symantec Security Response recommends that organizations review their firewall policies and properly patch their systems as these two vulnerabilities could expose organizations to worm activity and other attacks.”

Microsoft PNG File

This vulnerability in the PNG image file processing facility of Microsoft Office is a memory corruption flaw that is related to validation of file lengths.  A specially crafted Excel file that includes a malicious PNG image could take advantage of this vulnerability which can also be exploited automatically through e-mail on all affected platforms, except Office XP and Office 2003.  An attacker could also exploit the issue by placing the malicious document on the Web and enticing victims into opening it.  Platforms affected include, Microsoft Office 2003, Microsoft Office XP, Microsoft Office 2000, Microsoft Project 2002, Microsoft Project 2000, and Microsoft Works Suite 2000-2006.

Microsoft Excel

Microsoft issued patches for multiple vulnerabilities in Microsoft Excel.  All of the vulnerabilities may be exploited by a specially crafted Excel document containing malicious information that can corrupt process memory with attacker-supplied data.  If exploited, an attacker could execute arbitrary code in the context of the currently logged in user.  Symantec Security Response recommends referring to Microsoft’s security Web site for a complete list of affected versions of Excel.

Symantec recommends the following actions for IT administrators:

·        Evaluate the possible impact of these vulnerabilities to critical systems.

·        Plan for required responses including patch deployment and implementation of security best practices using the appropriate security and availability solutions.

·        Take proactive steps to protect the integrity of networks and information.

·        Verify that appropriate data backup processes and safeguards are in place and effective.

·        Remind users to exercise caution in opening all unknown or unexpected e-mail attachments and in following Web links from unknown or unverified sources.

Symantec recommends the following actions for consumers:

·        Regularly run Windows Update and install the latest security updates to keep software up to date.

·        Avoid opening unknown or unexpected e-mail attachments or following Web links from unknown or unverified sources.

    * Use an Internet security solution such as Norton Internet Security to protect against today's known and tomorrow's unknown threats.

Additional information can be found at:

http://www.microsoft.com/athome/security/update/bulletins/200607.mspx