October patches fix four threats

Article

October patches fix four threats

Serdar Yegulalp
Of the nasties unveiled in Microsoft's October Windows patch security summary, four of them stand out in particular since they pose the broadest range of threats. It's interesting to see Windows Vista represented in at least three of the attacks in question -- although in each case the scope of the attack is narrow enough that even before applying the patches in question, a sensible user or administrator can generally avoid a problem.

  • A cumulative update for Internet Explorer, editions 5 through 7, fixes a slew of problems rated "Moderate" to "Critical" -- a memory-corruption problem that might allow arbitrary code to run and two address-bar spoofing issues that could be exploited by phishing sites. This is one of the largest issues for the whole month, not just because it's an IE issue but because at least one of the spoofing problems is publicly known (although it has not yet been known to be used as an attack vector). Viewing sites in IE's Restricted zone would help mitigate both of these problems, but the best long-term solution is of course Microsoft's own fix.

  • An RPC denial-of-service attack, which both Vista and earlier versions of Windows are vulnerable, makes it possible to crash the Remote Procedure Call service by sending a malformed remote procedure call request.

      • Requires Free Membership to View

      Login

      When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

      Margie Semilof, Editorial Director

      By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

    • More Microsoft patch stories
      AutoPatcher lives

      Gadget patch tool patches free office apps

      PCs that are behind firewalls that block the RPC listeners would not be at risk, so almost any PC that's protected by a firewall would be safe from this threat. However, there's always the chance an attacker could exploit this threat from behind a firewall, between machines that have RPC ports open to each other and which are assumed to be safe.

    • An exploit in the Network News Transfer Protocol component in Outlook Express and Windows Mail (the OE replacement in Vista) could allow remote code execution if the user were tricked into clicking a specially-crafted URL to open the program. The scope of the attack would only be limited to what the user himself could do (which is further locked down by default in Vista), and Windows Mail itself warns the user if a Web page is trying to launch it manually.

      Finally, the exploit isn't known to be in the wild, so there's little if any danger of blundering into this problem by yourself before applying the recommended fix for the product.

    • An exploit in the Kodak Image Viewer in Windows 2000, XP and Server 2003 (pre-SP1) could also enable remote code execution if someone viewed a specially-crafted image file. This is a relatively small problem, though. For one thing, XP and Server 2003 systems are only vulnerable if they were upgraded from Windows 2000, which means the vast majority of XP installations are not immediately vulnerable.

      The problem is also moot if the user has another image viewer, like IRFANVIEW, installed as the default image viewer. (Windows Vista doesn't use the Kodak Image Viewer application anymore and, therefore, isn't vulnerable to this issue.)

      Serdar Yegulalp wrote for Windows Magazine from 1994 through 2001, covering a wide range of technology topics. He now plies his expertise in Windows NT, Windows 2000 and Windows XP as publisher of The Windows 2000 Power Users Newsletter and writes technology columns for TechTarget.


    Back to top