Patch Tuesday Takes Aim at 18 Exposures
Published: July 12, 2006
by Alex Woodie
Microsoft on Tuesday unveiled seven patches fixing 18 security vulnerabilities in its software, including five that it deems critical. Included in yesterday's haul are fixes for eight problems in Excel, another five targeting Office, and two that fix problems in Active Server Pages (ASP). Microsoft says it is aware of active exploits for two of the vulnerabilities, but if past Patch Tuesdays are any guide, more exploits for these flaws are on the way.
We kick off today's roundup of yesterday's Patch Tuesday with Microsoft Security Bulletin MS06-035, which fixes two vulnerabilities in the server services function of all recent versions of Windows. One of these flaws, the Mailslot Heap Overflow vulnerability, carries a critical risk of remote code execution. Any anonymous user could send a specially crafted network packet to an affected system that could give him complete control.
Microsoft says it is not aware of any current attacks using this flaw, which was privately reported by TippingPoint Security Research Team, a division of 3Com dedicated to security research and developing security tools. This security patch also revisits another vulnerability, the SMB (server message block) Information Disclosure vulnerability, which carries a low risk of information disclosure.
All Windows users except users of the Windows 98/ME/SE code are encouraged to apply Microsoft Security Bulletin MS06-036 immediately. This patch fixes a critical buffer overflow vulnerability in Windows' Dynamic Host Configuration Protocol (DHCP) service that could allow an attacker to take complete control of a system if he successfully sent a malformed DHCP message. However, Microsoft assures us that nobody is being attacked through this flaw, which was privately reported to Microsoft by CYBSEC Security Systems, a security software company serving South and Central America.
Microsoft Security Bulletin MS06-037 fixes eight vulnerabilities in Excel, including all Windows and Macintosh versions that have shipped since Office 2000. The vulnerabilities, which range in severity from important to critical, could allow an attacker to take complete control of a computer if the victim were to open an Excel spreadsheet that had maliciously crafted records, including COLINFO records, OBJECT records, LABEL records, FNGROUPCOUNT value records, and two types of SELECTION records; two other general purpose vulnerabilities are also included in this security update.
Microsoft said it is not aware of any current attacks using seven of the eight vulnerabilities, which were all privately reported. The eighth vulnerability, the Excel Malformed File vulnerability, which was publicly disclosed last month, is actively being exploited in the wild, according to Microsoft.
Microsoft Security Bulletin MS06-038 fixes three security flaws affecting every version of Office since Office 2000 service pack 3. These vulnerabilities, which range in severity from critical (on Office 2000) to important (Office 2002, Office 2003, and Office 2004 for Mac), carry the risk of remote code execution.
Of these three, only the Malformed String Parsing vulnerability, which was publicly disclosed, is being actively utilized by ne'er-do-wells in the field, according to Microsoft; the Office Property and Office Parsing vulnerabilities were privately reported, the software giant says. According to eEye Digital Security, attackers often try to use these vulnerabilities to infect users by sending malware in spam e-mails, so this patch should be applied.
The final critical patch, Microsoft Security Bulletin MS06-039, fixes two vulnerabilities in Office's image handling capabilities that could allow an attacker to execute code on affected systems. Neither of the vulnerabilities, which were privately disclosed and relate to Office's handling of PNG and GIF files, is being exploited in the wild, Microsoft says. Again, these vulnerabilities are only considered critical on Office 2000 systems.
Microsoft Security Bulletin MS06-033 fixes a problem that could allow an attacker to bypass ASP.NET security provisions to access information about a victim. The vulnerability, dubbed the .NET 2.0 Application Folder vulnerability, affects all desktop and server versions of Windows, except for Windows 98/ME/SE. Microsoft says the flaw, discovered by PRISMA Informatik of Czechoslovakia, is not being targeted in the field.
Microsoft Security Bulletin MS06-034 fixes a moderate to important remote code execution vulnerability relating to an unchecked buffer in the Active Server Pages (ASP) handling capabilities of Internet Information Services (IIS) versions 5.0, 5.1, and 6.0. The vulnerability, which Microsoft says was privately reported and isn't being utilized in the field, afflicts IIS running on all versions of the operating system from Windows 2000 SP4 to Windows Server 2003 SP1; however, it does not affect Windows XP Home Edition SP1 or SP2.