SwiftecIT: Corporate Quality IT for growing businesses SwiftecIT: Corporate Quality IT for growing businesses SwiftecIT: Corporate Quality IT for growing businesses

Posts Tagged ‘Patch tuesday’

‘Fully Patched’ Microsoft Windows XP, 2000 Still Vulnerable To Attack

Wednesday, July 7th, 2010

Source

By Stefanie Hoffman, CRN 8:04 PM EDT Tue. Jul. 06, 2010

There’s yet another critical Microsoft (NSDQ:MSFT) Windows vulnerability out there, this time in fully patched Windows 2000 and Windows XP versions, which can be exploited by hackers to launch malicious attacks, security firm Secunia reported.The Windows vulnerability, which Secunia rates as “moderately critical” is the result of a boundary error in the “UpdateFrameTitleForDocument()” function of the CFrameWnd class in mfc42.dll. The vulnerability can be exploited to cause a stack-based buffer overflow error, which occurs by passing an overly long title string argument to the vulnerable function.

If exploited, the vulnerability can open the door for hackers to launch remote code execution attacks, aimed at taking control of a user’s computer and stealing sensitive data, typically through social engineering schemes. Specifically, the vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3, although other versions may also be affected. In addition, the PowerZip version 7.2 Build 4010 was also found to be an attack vector exploiting the flaw, the Secunia advisory states.

Thus far, Microsoft has yet to release a patch fixing the error, and has not yet issued an advisory warning users about the flaw. Until then, Secunia recommends that users restrict access to applications that allow user-controlled input to be passed to the vulnerability.

Tags: ,
Posted in Alerts, IT in the Workplace | No Comments »

Microsoft Patch Release Fixes Windows Kernel Bug

Tuesday, November 17th, 2009
By Kevin McLaughlin, ChannelWeb
6:34 PM EST Tue. Nov. 10, 2009

Microsoft (NSDQ:MSFT) on Tuesday issued its November patch update, which fixes a total of 15 vulnerabilities in Windows, Windows Server, and Office, including one that has already been made public.The MS09-065 bulletin is the most urgent of the six bulletins in this month’s update and addresses three vulnerabilities pertaining to the Windows kernel. Of these three, a vulnerability that affects the way the Windows kernel parses Embedded OpenType fonts is the most critical because the party that reported it to Microsoft also disclosed it to the public.

Attackers could use this remote code execution vulnerability to set up a rigged Web site with embedded fonts that could enable them to take control of visitors’ PCs, says Jason Miller, Data and Security Team Leader at Shavlik Technologies, a St. Paul, Minn.-based security vendor.

“The Internet is the number one attack vector,” said Miller. “With this one, all an attacker has to do is lure someone to a Web site, and because it’s public, there’s a race going on right now to exploit it.”

The MS09-063 bulletin deals with a vulnerability that only affects Windows Vista and Windows Server 2008. It affects the Web Services on Devices API (WSDAPI) service, which is designed to help improve the user experience by allowing users to easily find devices on the network. Ironically, this convenience means that the service can be exploited by attackers through the use of specially crafted packets, according to Miller.

“Windows relies on services running in the background to carry out commands for you. The problem is, with every new feature in Windows there is a new line of code,” and the attack target grows larger, Miller said.

Windows 2000 isn’t in widespread use but is still kicking around the corners of some companies’ server rooms. Two November Microsoft bulletins, MS09-066 and MS09-064, target vulnerabilities in Windows 2000 that could create problems for these firms.

One of these is a remote code execution flaw in License Logging Server, a service that’s on by default in Windows 2000. This one would have been a big deal six years ago, when Windows 2000 was more prevalent. Still, companies that are still running older applications such as point of sale systems on Windows 2000 should apply this patch, Miller said.

The other Windows 2000-specific vulnerability affects Active Directory and could lead to denial of service attacks, although this one is difficult to exploit, Miller said.

Rounding out this month’s Patch Tuesday release, which follows October’s record 13 bulletins, are fixes for several vulnerabilities in Microsoft Word and Excel and hold the potential for remote code execution, according to Microsoft.

Tags:
Posted in Alerts, IT in the Workplace | 1 Comment »

Microsoft To Release Five Critical Patches Tuesday

Friday, September 4th, 2009

Microsoft will roll out a total of five critical patches for numerous versions of Windows operating systems in its upcoming September “Patch Tuesday” security update release, according to a Microsoft Advanced Notification bulletin posted Thursday.All five patches plug holes that allow remote code execution, indicating that hackers could remotely exploit the vulnerabilities by launching malicious code to infiltrate users’ PCs. Hackers often execute information-stealing malware for identity-theft activities, typically enticing users to click on infected links or visit a malicious site through some kind of social engineering scheme.

Of the five critical patches Microsoft plans to release, two require mandatory restarts, which is anticipated to cause some level of enterprise disruption, experts said.

Altogether, the patches target several versions of Windows, including Windows 2000, XP and Vista, as well as all three of Microsoft’s server platforms 2000, 2003 and 2008. However, security experts speculate on whether the current critical patch load will also include fixes for Windows 7, scheduled for release Oct. 22, in light of the fact that the soon-to-be-released operating system shares a significant amount of code with Windows Vista.

“Given the significant amount of code shared between Vista and Windows 7, it is likely that some of these security bulletins could apply to Windows 7 or Server 2008 R2, but this is not addressed in the information released today by Microsoft,” said Don Leatham, director of solutions and strategy for Lumension, in an e-mail.

What is likely not to be included in the Patch Tuesday bulletin is a fix for a recent security vulnerability affecting the FTP Service in Microsoft Internet Information Services 5.0. Microsoft released a security bulletin Tuesday warning users about the vulnerability after detailed exploit code was published on the Web.

If exploited, hackers could execute remote code on affected systems connected to the Internet and running the FTP service.

In an effort to help mitigate the vulnerability, the U.S. Computer Emergency Readiness Team (CERT) issued a warning Wednesday, advising IT administrators to disable anonymous write access to the FTP server, “although a proper impact analysis should be performed prior to taking defensive measures,” CERT said in its advisory.

So far there are no known attacks exploiting the FTP vulnerability, however, Microsoft said it will continue to further investigate and monitor the situation. The vulnerability will likely be repaired in a monthly security bulletin or in an out-of-band patch.

Tags:
Posted in Alerts, IT in the Workplace | No Comments »

Microsoft Patch tuesday – 8 security patches & more

Monday, May 4th, 2009

Microsoft (NSDQ:MSFT) kicked off Patch Tuesday with the release of eight security bulletins that covered a total of 23 vulnerabilities, many of which could enable attackers to launch malicious attacks remotely on users’ PCs.

Altogether, the patch load plugged an array of security holes in Windows, Microsoft Office, Internet Explorer and Microsoft Internet Security and Acceleration Server. Of the eight security updates released, five were ranked critical, indicating that hackers could exploit the vulnerabilities to launch arbitrary code on victims’ computers. In addition, two were given the less severe ranking of “important” and one ranked as “moderate.” Two of the critical flaws are actively exploited in the wild.

Tags:
Posted in IT in the Workplace | No Comments »