October patches fix four threats
Of the nasties unveiled in Microsoft's October Windows patch security summary, four of them stand out in particular since they pose the broadest range of threats. It's interesting to see Windows Vista represented in at least three of the attacks in question -- although in each case the scope of the attack is narrow enough that even before applying the patches in question, a sensible user or administrator can generally avoid a problem.
A cumulative update for Internet Explorer, editions 5 through 7, fixes a slew of problems rated "Moderate" to "Critical" -- a memory-corruption problem that might allow arbitrary code to run and two address-bar spoofing issues that could be exploited by phishing sites. This is one of the largest issues for the whole month, not just because it's an IE issue but because at least one of the spoofing problems is publicly known (although it has not yet been known to be used as an attack vector). Viewing sites in IE's Restricted zone would help mitigate both of these problems, but the best long-term solution is of course Microsoft's own fix.
An RPC denial-of-service attack, which both Vista and earlier versions of Windows are vulnerable, makes it possible to crash the Remote Procedure Call service by sending a malformed remote procedure call request.
PCs that are behind firewalls that block the RPC listeners would not be at risk, so almost any PC that's protected by a firewall would be safe from this threat. However, there's always the chance an attacker could exploit this threat from behind a firewall, between machines that have RPC ports open to each other and which are assumed to be safe.
An exploit in the Network News Transfer Protocol component in Outlook Express and Windows Mail (the OE replacement in Vista) could allow remote code execution if the user were tricked into clicking a specially-crafted URL to open the program. The scope of the attack would only be limited to what the user himself could do (which is further locked down by default in Vista), and Windows Mail itself warns the user if a Web page is trying to launch it manually.
Finally, the exploit isn't known to be in the wild, so there's little if any danger of blundering into this problem by yourself before applying the recommended fix for the product.
An exploit in the Kodak Image Viewer in Windows 2000, XP and Server 2003 (pre-SP1) could also enable remote code execution if someone viewed a specially-crafted image file. This is a relatively small problem, though. For one thing, XP and Server 2003 systems are only vulnerable if they were upgraded from Windows 2000, which means the vast majority of XP installations are not immediately vulnerable.
The problem is also moot if the user has another image viewer, like IRFANVIEW, installed as the default image viewer. (Windows Vista doesn't use the Kodak Image Viewer application anymore and, therefore, isn't vulnerable to this issue.)
Serdar Yegulalp wrote for Windows Magazine from 1994 through 2001, covering a wide range of technology topics. He now plies his expertise in Windows NT, Windows 2000 and Windows XP as publisher of The Windows 2000 Power Users Newsletter and writes technology columns for TechTarget.