
Security News

Microsoft releases first monthly security update but without a fix for the recent RPC flaw

October 17, 2003

Microsoft released its first monthly security update on Wednesday since announcing the new initiative last week.

The update includes seven software patches to address recently discovered security flaws, five of which are rated as 'critical'.

These flaws can lead to a range of problems, including providing hackers with the opportunity to mount a denial of service attack, to run arbitrary code on a targeted machine, or to take over a compromised machine altogether.

The seven vulnerabilities are:

MS03-041: vulnerability in Authenticode verification could allow an ActiveX control to download and install without asking the user for approval to do so. An attacker could host a malicious Web site designed to exploit this vulnerability.

MS03-042: buffer overflow in the Windows Troubleshooter ActiveX control could let an attacker run malicious code on a user's system.

MS03-043: buffer overrun in Messenger service could allow arbitrary code to be executed on an affected system. The vulnerability results because the Messenger Service doesn't properly validate the length of a message before passing it on to the allocated buffer.

MS03-044: buffer overrun in Windows Help and Support Center could lead to system compromise.

MS03-045: buffer overrun in the ListBox and in the ComboBox control affects Windows NT, Windows 2000, Windows XP and Windows Server 2003 and could enable a hacker to seize control over the system by using Utility Manager in Windows 2000.

MS03-046: vulnerability in the Internet Mail Service that could allow an attacker to shut down the Internet Mail Service or cause the server to stop responding.

MS03-047: a "moderate" vulnerability in Microsoft Exchange Server 5.5, Service Pack 4.

Meanwhile, all security experts are warning of a vulnerability that could allow attackers to launch a denial of service (DoS) attack against machines running Windows 2000 and XP.

The vulnerability, in the Microsoft Remote Procedure Call (RPC) service, was first discovered by security firm Internet Security Systems (ISS).

The flaw affects PCs even with the most current Windows security fixes applied, including computers patched against the RPC flaw described in Microsoft Security Bulletin MS03-039.

The Redmond-based media giant has not yet issued a fix for the vulnerability, and has urged network administrators to evaluate external exposure to flaws related to Microsoft services running on ports 135, 137, 138, 139, 445 and 593 on both the network perimeter and VPN connections.

Users of most personal firewalls should be well protected against the flaw, since most firewalls (like Outpost Firewall or ZoneAlarm) can block access to computer ports or ask users to permit the connection.

© 2006 PC Flank Ltd. All rights reserved.