
12/9/2008
04:09 PM

Microsoft Patch Day Brings Eight Security Bulletins

The bulletins address 28 vulnerabilities in Windows Search, Internet Explorer, Microsoft Office, and other Microsoft software.

Microsoft on Tuesday released eight security bulletins and one security advisory as part of its regularly scheduled patch day.

Six of the bulletins are rated "critical" and two are rated "important."

The advisory was issued to alert users that Microsoft is investigating reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.

Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 aren't affected by the advisory. The bulletins address 28 vulnerabilities in the following software: the Windows graphics device interface, Windows Search, Internet Explorer, Visual Basic 6.0 Runtime Extended Files, Word, Excel, SharePoint Server, and Windows Media Components.

Eric Schultze, CTO of Shavlik Technologies, observed in an e-mailed statement that the first five bulletins -- MS08-070 to MS08-074 -- represent client-side vulnerabilities. These could be exploited by an attacker if the user visited a malicious Web site or opened a malicious file.

MS08-075 addresses two privately reported vulnerabilities in Windows Search that could allow remote execution of malicious code if the user opens a maliciously crafted saved search file in Windows Explorer or if the user clicks on a maliciously crafted URL.

Schultze said that MS08-075 is a variant of an attack patched in July. He said he considers it low-risk because few people save and execute a search file.

MS08-076 addresses two privately reported vulnerabilities in Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The more serious of the two could allow remote code execution, but Microsoft rates this bulletin as only important because the severity of the attack is mitigated if the user doesn't have administrative rights.

If exploited, this vulnerability could be used to transmit the user's logon credentials to the attacker after the user clicked on a malicious Windows Media URL.

According to Schultze, the exploit would be similar to that used to take advantage of the MS08-068 vulnerability, which was patched in November.

"Microsoft says that Windows Media Player doesn't play by the same rules as the operating system, and that's why this issue wasn't fixed in the November patch release," he said. "This issue could become very serious if attackers figure out how to create the evil URLs."

Tyler Reguly, a security research engineer with nCircle, sees MS08-077 as the most significant bulletin and believes it should be elevated from "important" to "critical." The SharePoint vulnerability, he said in an e-mailed statement, "allows an unauthenticated attacker to access administrative controls. While the successful attacker would technically elevate privilege (anonymous to administrator), this vulnerability allows access controls to be bypassed altogether. For most people, privilege escalation means elevating regular user access to administrator, which may cause administrators to patch this issue with less urgency."

Dee Liebenstein, senior director of product management for Lumension, said that all of these patches should be taken seriously. "Most of these are ranked 'highly exploitable,'" she said, referring to the exploitability index that Microsoft introduced several months ago.

She advises IT managers to install the Windows and Internet Explorer patches as soon as possible, despite the system and server restart that will be required.
