Microsoft issues critical fixes

The software giant issues critical patches to plug security holes in Internet Explorer, Media Player, MSN Messenger and Microsoft Office.

Microsoft handed IT administrators a hefty pile of security patches Tuesday, fixing flaws in such widely used programs as Internet Explorer, Media Player, MSN Messenger and Microsoft Office. Attackers could use many of these flaws to take over computers, view sensitive data and launch malicious code.

Of the 12 bulletins the software giant released, eight are rated "critical," three are "important" and one is "moderate."

"Though we already knew how many bulletins were coming, I was surprised by the number of those marked as critical," said Lenny Zeltser, an independent IT security consultant and handler for the Bethesda, Md.-based SANS Internet Storm Center (ISC). Zeltser and his colleagues analyzed the bulletins based on what they saw as the top four priorities. Those priorities are outlined on the ISC site.

Max Caceres, director of product management for Boston-based Core Security Technologies, said the MSN Messenger vulnerability concerns him most. "No user interaction is required to exploit this," he said. "Your computer could be compromised and you'd never know it. That's the worst kind of vulnerability."

Critical patches summarized
MS05-005 fixes a buffer overrun in Microsoft Office XP software an attacker could use to launch malicious code and take control of the affected system.

MS05-009 fixes a glitch in Media Player, Windows Messenger and MSN Messenger an attacker could also use to take control of vulnerable machines.

Media Player doesn't properly handle .png files with excessive width or height. "An attacker could try to exploit the vulnerability by constructing a malicious .png that could potentially allow remote code execution if a user visited a malicious Web site or clicked a link in a malicious e-mail message," Microsoft said. Windows Messenger and MSN Messenger also improperly handle corrupt or malformed .png files.
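The .png flaw described above turns on image dimensions read from the file itself, so a decoder should bound them before sizing anything from them. The following check is an added illustration, not Microsoft's patch or code from the bulletin; the function names and both limits (`MAX_DIM`, `MAX_PIXEL_BYTES`) are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIM 16384u                          /* assumed policy cap */
#define MAX_PIXEL_BYTES (256u * 1024u * 1024u)  /* assumed decode budget */
enum png_check { PNG_OK, PNG_TRUNCATED, PNG_BAD_HEADER, PNG_BAD_DIMENSIONS, PNG_TOO_LARGE };

/* PNG signature, then the IHDR chunk length (13) and chunk type. */
static const unsigned char HEAD[16] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
                                       0, 0, 0, 13, 'I', 'H', 'D', 'R'};
static const unsigned char CHANNELS[7] = {1, 0, 3, 1, 2, 0, 4}; /* by colour type; 0 = invalid */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Check signature and IHDR before any buffer is sized from width/height.
   Simplified: the CRC and the per-colour-type depth rules are not checked. */
enum png_check png_check_header(const unsigned char *buf, size_t len, uint64_t *need) {
    if (len < 33) return PNG_TRUNCATED;          /* 8 sig + 8 + 13 IHDR + 4 CRC */
    if (memcmp(buf, HEAD, sizeof HEAD) != 0) return PNG_BAD_HEADER;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    unsigned depth = buf[24], colour = buf[25];
    if (colour > 6 || CHANNELS[colour] == 0) return PNG_BAD_HEADER;
    if (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16) return PNG_BAD_HEADER;
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return PNG_BAD_DIMENSIONS;
    /* 64-bit maths: capped dimensions times at most 64 bits per pixel cannot wrap. */
    uint64_t total = (((uint64_t)w * CHANNELS[colour] * depth + 7) / 8) * h;
    if (total > MAX_PIXEL_BYTES) return PNG_TOO_LARGE;
    if (need) *need = total;
    return PNG_OK;
}

/* Constructed sample header for the demo (CRC bytes left as zero). */
void make_sample(unsigned char out[33], uint32_t w, uint32_t h, unsigned depth, unsigned colour) {
    memset(out, 0, 33);
    memcpy(out, HEAD, sizeof HEAD);
    for (int i = 0; i < 4; i++) {
        out[16 + i] = (unsigned char)(w >> (24 - 8 * i));
        out[20 + i] = (unsigned char)(h >> (24 - 8 * i));
    }
    out[24] = (unsigned char)depth; out[25] = (unsigned char)colour;
}

int main(void) {
    unsigned char s[33];
    make_sample(s, 0x7fffffffu, 0x7fffffffu, 8, 6);   /* constructed oversized image */
    printf("oversized -> %d\n", (int)png_check_header(s, sizeof s, NULL));
    return 0;
}
```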

MS05-010 fixes a license logging service flaw an attacker could use to take over affected machines.

This affects those using Windows NT Server 4.0, Windows 2000 Server Service Pack 3 and Service Pack 4; and Windows Server 2003.

MS05-011 fixes a Server Message Block flaw an attacker could use to take over affected systems.

This affects those using Windows 2000 Service Pack 3 and Service Pack 4; Windows XP Service Pack 1 and Service Pack 2; Windows XP 64-Bit Edition Service Pack 1; Windows XP 64-Bit Edition Version 2003; and Windows Server 2003.

MS05-012 fixes a glitch in how affected operating systems and programs access memory when they process COM structured storage files. An attacker could use this flaw to take control of affected machines. It also fixes a problem in how Microsoft's Object Linking and Embedding (OLE) framework handles input validation. "An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution," Microsoft said.

This affects those using Windows, Exchange Server, Microsoft Office or other third-party applications using OLE.

MS05-013 fixes a cross-domain vulnerability in the Microsoft Dynamic HTML Editing Component ActiveX control. "An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited that page," Microsoft said.

This affects those using Windows 2000 Service Pack 3 and Service Pack 4; Windows XP Service Pack 1 and Service Pack 2; Windows XP 64-Bit Edition Service Pack 1; Windows XP 64-Bit Edition Version 2003; and Windows Server 2003.

MS05-014 fixes four security holes in Internet Explorer.

The first is a privilege elevation vulnerability in how Internet Explorer handles drag-and-drop events. "An attacker could exploit the vulnerability by constructing a malicious Web page. This malicious Web page could potentially allow an attacker to save a file on the user's system if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said.

The second vulnerability is in how Internet Explorer handles certain encoded URLs. "An attacker could exploit the vulnerability by constructing a malicious URL," Microsoft said. "This malicious URL could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. The URL could be made to look like a link to another Web site in an attempt to trick a user into clicking it."

The third vulnerability is in how the browser handles certain DHTML methods and the fourth is a cross-domain vulnerability "that could allow information disclosure or remote code execution on an affected system," Microsoft said.

MS05-015 fixes a vulnerability in Windows' Hyperlink Object Library. "This problem exists because of an unchecked buffer while handling hyperlinks," Microsoft said. "An attacker could exploit the vulnerability by constructing a malicious hyperlink, which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message."

Important patches summarized
MS05-004 fixes a vulnerability in ASP.NET an attacker could use to bypass the security of an ASP.NET Web site and gain unauthorized access.

MS05-007 fixes an information disclosure vulnerability in Windows an attacker could use to remotely read user names for users with an open connection to an available shared resource.

MS05-008 fixes a flaw in how Windows handles drag-and-drop events. "An attacker could exploit the vulnerability by constructing a malicious Web page," Microsoft said. "This malicious Web page could potentially allow an attacker to save a file on the user's system if a user visited a malicious Web site or viewed a malicious e-mail message."

Moderate bulletin summarized
MS05-006 fixes a cross-site scripting and spoofing vulnerability in Windows SharePoint Services and SharePoint Team Services. An attacker could exploit this to convince a user to run a malicious script. "If this malicious script is run, it would execute in the security context of the user," Microsoft said.

This article originally appeared on SearchSecurity.com.
