Risk
10/14/2008
07:07 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft's Patch Tuesday Vital For Windows Server 2000 Users

While it's the Active Directory vulnerability that is rated "critical," fixes for Windows Server 2008 and Windows Vista show the newer operating systems are not immune from attacks.

Microsoft on Tuesday made available its regularly scheduled monthly security software patches, including 11 downloads to repair vulnerabilities in Windows Vista, Windows Server 2008, Windows Server 2000, Microsoft Office, and other products.

The so-called Patch Tuesday included four bulletins rated "critical" that affect Active Directory, Excel Host Integration Server, and Internet Explorer. Six bulletins are rated "important." The last one is rated "moderate." The "important" vulnerabilities have to do with privilege elevation and remote code execution. The "moderate" vulnerability has to do with information disclosure.

The Excel vulnerability affects various versions of Microsoft Office, including Microsoft Office for Mac 2004 and 2008. The IE patch could allow information disclosure or remote code execution if a user views a specially crafted Web page.

Of the "critical" patches, Vulnerability in Active Directory Could Allow Remote Code Execution (MS08-060) is garnering the most attention. Failure to apply the software could allow remote code execution if an attacker gains access to an affected network.

"This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers," Microsoft said in its bulletin. "If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability."

Eric Schultze, CTO of security firm Shavlik and formerly with Microsoft security, told InformationWeek he considers MS08-060 the most important in the batch.

"It's especially critical for an IT shop that has Windows [Server] 2000 domains and domain controllers," Schultze said. "You might not have them for long as any disgruntled employee can rename the files and take control of those assets without this patch."

Schultze said that Microsoft Security Bulletin MS08-063 and MS08-065, while labeled "important," is more than likely critical for a company's security. Both vulnerabilities allow for remote code execution, a favored target of hackers. MS08-063 in particular is dangerous because it impacts the Microsoft Server Message Block (SMB) protocol.

"That's the file- and printer-sharing protocol," Schultze said. "It's the protocol you use to log in and send something to the printer. So, if I go to my S drive and rename those files and give it a specifically long file name, then the moment that I do that, I can own that file server without human interaction. ... It's the first time in a long time we have seen these server-side vulnerabilities."

MS08-065 is a hole in Microsoft's Message Queuing Service (MSMQ) on Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.

Schultze also noted that five of the 11 bulletins posted by Microsoft are addressing vulnerabilities found in Windows Vista and Windows Server 2008. "This really shows us that these operating systems are impacted by legacy code that goes back to Windows 1998 or earlier," he said.

As it has done for the last few quarters, Microsoft is hosting a Webcast on Oct. 15 to address customer questions on these bulletins.

Customers are also being warned about an e-mail sent out by hackers who are posing as a Microsoft security executive.

An e-mail to many of Microsoft's customers claiming to be from Steve Lipner, Microsoft's security assurance director, is in fact a Mal/EncPk-CZ Trojan virus that allows hackers to gain remote control over an infected PC.

The note reads: "Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. Since public distribution of this update through the official website http://www.microsoft.com would have resulted in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users."

Microsoft said that it never sends out security updates by mail and warns customers not to open any attachments within the e-mail.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.